CVE-2025-6948NVD

Vulnerability Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.

Severity Level

HIGH(8.7)

Published Date

Jul 10, 2025

Last Modified

Jul 25, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-79: Cross-site Scripting (XSS) ↗

The software does not neutralize user-controllable input before it is placed in output that is used as a web page.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionRequired

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityNone

External References

https://gitlab.com/gitlab-org/gitlab/-/issues/552616
https://hackerone.com/reports/3227316

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-6948NVD

Vulnerability Summary

External References