GitLab: Discovered Vulnerabilities Allow Bypassing Security Measures and Executing Malicious Code

Several high-risk vulnerabilities have been identified in the GitLab platform. In particular, two critical Cross-Site Scripting (XSS) vulnerabilities allow attackers to bypass security defenses and execute malicious scripts in users’ browsers.

The vulnerabilities, CVE-2025-0475 (CVSS 8.7) and CVE-2025-0555 (CVSS 7.7), affect self-managed versions of GitLab. Exploiting these vulnerabilities could enable attackers to steal sessions, obtain credentials, and gain unauthorized access to the system.

1. Kubernetes Proxy Vulnerability (CVE-2025-0475)

A critical XSS vulnerability in GitLab’s Kubernetes proxy affects all versions from 15.10 to 17.9.0.

This vulnerability allows attackers to inject malicious JavaScript code due to improperly filtered proxy responses, leading to DOM-based XSS attacks.

According to GitLab’s official statement:

“Under certain conditions, the proxy function may lead to the unintended rendering of content, which could result in XSS attacks.”

This vulnerability can enable attackers to:

Steal user session cookies (exfiltration via document.cookie);
Modify CI/CD pipelines (manipulation via XMLHttpRequest);
Deploy malicious containers through the Kubernetes API.

2. Maven Dependency Proxy XSS Vulnerability (CVE-2025-0555)

This XSS vulnerability affects GitLab-EE versions from 16.6 to 17.9.0.

It allows attackers to bypass Content Security Policy (CSP) restrictions by using specially crafted dependency metadata files that contain malicious JavaScript code. The root cause of this vulnerability is improper input validation when processing Maven artifacts.

According to GitLab’s official statement:

“This vulnerability, under certain conditions, allows bypassing security measures and executing malicious scripts in the user’s browser.”

Although this vulnerability is difficult to exploit (AC:H), it can enable privilege escalation from Developer to Maintainer.

3. Medium-Risk Vulnerabilities

Additionally, three medium-risk vulnerabilities have been identified:

CVE-2024-8186 – HTML injection leading to limited XSS attacks (CVSS 5.4) in self-managed GitLab instances.
CVE-2024-10925 – Guest users can access YAML security policy files (CVSS 5.3), exposing compliance rules.
CVE-2025-0307 – The Planner role can access code review metrics (CVSS 4.3), potentially revealing confidential analytics.

GitLab has released versions 17.9.1, 17.8.4, and 17.7.6, addressing the identified vulnerabilities.

📌 Security enhancement recommendations:

Update GitLab – Upgrading to the latest version is crucial to protect against malicious exploits.
Strengthen CSP policies to prevent XSS – Properly configure Content Security Policy settings to block malicious script execution.
Improve CI/CD pipeline security – Regularly review configurations and block unauthorized commands.
Use browser security extensions – Users are advised to install plugins that protect against XSS attacks.
Review GitLab user permissions – Enforce strict privilege controls between Developer and Maintainer roles.

The newly discovered GitLab vulnerabilities allow attackers to steal user sessions, compromise CI/CD pipelines, and deploy malicious containers via the Kubernetes API.

If GitLab is not updated promptly, these vulnerabilities could be exploited by APT groups. Therefore, it is critical to install patches immediately and strengthen security measures.

Warning: If GitLab security updates are delayed by more than 48 hours, the risk of exploitation increases significantly!

🔗 Visit the official GitLab website and install the latest updates!