CVE-2025-0555Cross-site Scripting in Gitlab

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 81.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedMar 3

Description

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

CVEListV5gitlab/gitlab16.617.7.6+2
NVDgitlab/gitlab16.6.017.7.6+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

1
GHSA
GHSA-2862-gpw6-r482: A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 162025-03-03

📋Vendor Advisories

2
GitLab
CVE-2025-0555: A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.92025-03-03
Debian
CVE-2025-0555: gitlab - A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions f...2025