CVE-2025-0811 — Cross-site Scripting in Gitlab

CWE-79 — Cross-site Scripting CWE-94 — Code Injection6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 63.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE +2 more

Timeline

PublishedMar 27

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages7 packages

▶CVEListV5gitlab/gitlab17.7 — 17.8.6+2

▶NVDgitlab/gitlab17.7.0 — 17.8.6+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

CVE-2025-0811: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-03-27

▶

GHSA

GHSA-qvvw-3v9r-73ph: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-03-27

▶

📋Vendor Advisories

GitLab

CVE-2025-0811: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper re↗2025-03-27

▶

Debian

CVE-2025-0811: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 be...↗2025

▶

Microsoft

A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container es↗2022-03-08

▶