Summary: GitLab has released critical security updates, versions 17.8.1, 17.7.3, and 17.6.4, to address multiple vulnerabilities, including a high-severity cross-site scripting (XSS) flaw. The most severe vulnerability, CVE-2025-0314, allows attackers to inject malicious scripts, potentially leading to session hijacking and data theft. GitLab urges all users to update their installations immediately to mitigate these risks.
Threat Actor: Unknown
Victim: GitLab users
Key points:
- Critical updates released for GitLab CE and EE: versions 17.8.1, 17.7.3, and 17.6.4.
- CVE-2025-0314 has a CVSS score of 8.7 and allows XSS attacks.
- Other vulnerabilities include CVE-2024-11931 and CVE-2024-6324, with medium severity ratings.
Source: https://securityonline.info/cve-2025-0314-gitlab-releases-patch-for-xss-exploit/