CVE-2025-4439
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-08-08
Assigner: GitLab Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 15.10.0 (inc) to 18.0.5 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.3 (exc) |
| gitlab | gitlab | 18.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows an authenticated user to perform cross-site scripting (XSS) attacks when the GitLab instance is served through certain content delivery networks. It affects versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1.
How can this vulnerability impact me?
The vulnerability can allow an authenticated user to execute cross-site scripting attacks, potentially leading to the compromise of user sessions, theft of sensitive information, or unauthorized actions within the GitLab instance. This can impact the confidentiality and integrity of data.