GitLab has released an important security update today for both its Community Edition (CE) and Enterprise Edition (EE). The patch release addresses multiple high-severity vulnerabilities, ranging from an unauthenticated Denial of Service (DoS) to privilege escalation inside CI/CD pipelines.
The highest-rated vulnerability in this batch, tracked as CVE-2024-9183 (CVSS 7.7), is a race condition in the CI/CD cache that can lead to privilege escalation. According to the advisory, “GitLab has remediated an issue that could have allowed an authenticated user to obtain credentials from higher-privileged users and perform actions in their context under specific conditions.” The attacker must already hold an account, so exposure is greatest on instances that allow self-registration or host many low-privilege contributors who can run pipelines.
Perhaps the most disruptive flaw for public-facing instances is CVE-2025-12571 (CVSS 7.5), a Denial of Service vulnerability in the JSON input validation middleware. It poses a significant risk because exploitation does not require the attacker to be logged in: any client that can reach the instance over HTTP can trigger it.
In addition to the high-severity flaws, GitLab patched a concerning authentication bypass, CVE-2025-12653 (CVSS 6.5). This flaw could have allowed “an unauthenticated user to join arbitrary organizations by changing headers on some requests”. While the CVSS score is lower, the ability of unauthenticated actors to join organizations they were never invited to is a clear integrity risk.
Other notable fixes include:
- CVE-2025-7449 (CVSS 6.5): A Denial of Service flaw in HTTP response processing that allows authenticated users to crash the service.
- CVE-2025-6195 (CVSS 4.3): An improperly authorized user could “view information from security reports under certain configuration conditions” (GitLab EE only).
- CVE-2025-13611 (CVSS 2.4): A low-severity information disclosure issue in the Terraform registry involving sensitive tokens appearing in logs.
GitLab urges administrators of self-managed instances to upgrade to the latest versions (18.6.1, 18.5.3, or 18.4.5) as soon as possible to mitigate these risks.
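A quick way to check whether an instance is on one of the fixed releases, as an added example (not GitLab's own tooling): the script below takes the `version` field that `GET /api/v4/version` returns and compares it against 18.6.1, 18.5.3 and 18.4.5 on a per-line basis. The sample API response is constructed for the demo. The affected-version logic is an assumption: anything on the 18.4, 18.5 or 18.6 line below its fixed patch level is reported as unpatched, anything on an older minor line is reported as unpatched because no fixed release exists for that line, and anything on a newer minor line is assumed to carry the fix.

```python
"""
Check a self-managed GitLab version against the fixed releases named in the
advisory (18.6.1, 18.5.3, 18.4.5).

Added example, not GitLab's own tooling. The version string is the "version"
field returned by GET /api/v4/version; the sample response in __main__ is
constructed. Affected-version logic is an assumption (see module functions).
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases from the advisory, newest line first.
FIXED_VERSIONS: Tuple[Version, ...] = ((18, 6, 1), (18, 5, 3), (18, 4, 5))


def parse_version(version: str) -> Version:
    """Turn a GitLab version string such as '18.5.2-ee' into (18, 5, 2).

    The edition suffix (-ce/-ee) and any pre-release tag are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fixed_version_for(major: int, minor: int) -> Optional[Version]:
    """Return the fixed release on the same minor line, if the advisory has one."""
    for fixed in FIXED_VERSIONS:
        if fixed[0] == major and fixed[1] == minor:
            return fixed
    return None


def is_patched(version: str) -> bool:
    """True if the running version is at or above the fixed release for its line."""
    running = parse_version(version)
    fixed = fixed_version_for(running[0], running[1])
    if fixed is not None:
        return running >= fixed
    # Assumption: lines newer than 18.6 include the fix; older lines have no
    # fixed release to move to within the line, so they count as unpatched.
    return running > FIXED_VERSIONS[0]


def recommended_target(version: str) -> str:
    """Smallest upgrade that satisfies the advisory: stay on the line if it has a fix,
    otherwise move to the newest fixed release."""
    running = parse_version(version)
    fixed = fixed_version_for(running[0], running[1]) or FIXED_VERSIONS[0]
    return ".".join(str(n) for n in fixed)


def assess(api_response: str) -> dict:
    """Assess the JSON body of GET /api/v4/version (the endpoint needs an API token)."""
    data = json.loads(api_response)
    version = data["version"]
    patched = is_patched(version)
    return {
        "version": version,
        "patched": patched,
        "upgrade_to": None if patched else recommended_target(version),
    }


if __name__ == "__main__":
    # Constructed sample of what /api/v4/version returns on an unpatched 18.5 instance.
    SAMPLE = '{"version": "18.5.2-ee", "revision": "0123456789a"}'
    print(assess(SAMPLE))
```

Against a real instance, feed the script the output of `curl --header "PRIVATE-TOKEN: <token>" https://gitlab.example.com/api/v4/version` (hostname is a placeholder). The check only tells you whether the advisory's fixed patch level is installed; it says nothing about whether any of the flaws were exploited before the upgrade.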