GitLab

A critical vulnerability (CVE-2025-5121) has been identified in GitLab’s Ultimate Enterprise Edition, which is used for managing source code. This vulnerability poses a serious risk and requires immediate patching. GitLab has released security updates for self-managed installations and strongly advises upgrading to the patched versions (18.0.2, 17.11.4, 17.10.8). GitLab.com is already running the patched version, so GitLab Dedicated customers do not need to take action.

Source: https://www.csoonline.com/article/4006160/unpatched-holes-could-allow-takeover-of-gitlab-accounts.html

TPRM report: https://scoringcyber.rankiteo.com/company/gitlab-com

{
  "id": "git301061525",
  "linkid": "gitlab-com",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "25",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'industry': 'Software Development',
                        'name': 'GitLab',
                        'type': 'Organization'}],
 'description': 'A new vulnerability in GitLab’s Ultimate Enterprise Edition '
                'used for managing source code is dangerous and needs to be '
                'quickly patched.',
 'impact': {'systems_affected': ['GitLab Ultimate Enterprise Edition']},
 'recommendations': ['Patch immediately to one of the versions: 18.0.2, '
                     '17.11.4, 17.10.8'],
 'response': {'remediation_measures': ['Upgrade to patched versions']},
 'title': 'GitLab Ultimate Enterprise Edition Vulnerability',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'CVE-2025-5121'}