CVE-2025-4700

High CVSS 8.7

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have potentially allowed a successful attacker to trigger unintended content rendering leading to XSS.

CWE: CWE-79 Published: 2025-07-23T18:15:27.750

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.7 (HIGH)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags