CVE-2025-0555 HIGH

CVE-2025-0555: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-79 · XSS
Published March 3, 2025
Last update March 4, 2025

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

Key dates

02Disclosure timeline

March 3, 2025 CVE published
March 4, 2025 Record updated