CVE-2025-4439

High CVSS 7.7

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated user to perform cross-site scripting attacks when the instance is served through certain content delivery networks.

CWE: CWE-79 Published: 2025-07-23T18:15:27.593

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.7 (HIGH)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags