CVE-2025-0314 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.1MEDIUMNVD

EPSS

6.0%

top 9.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 24

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5gitlab/gitlab17.2 — 17.6.4+2

▶NVDgitlab/gitlab17.2.0 — 17.6.4+2

▶debiandebian/gitlab< gitlab 17.6.5-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2025-0314: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-01-24

▶

GHSA

GHSA-rww2-m274-8f9v: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-01-24

▶

📋Vendor Advisories

GitLab

CVE-2025-0314: An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rend↗2025-01-24

▶

Debian

CVE-2025-0314: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 be...↗2025

▶