CVE-2025-7734

Severity HIGH · Lab available

GitLab CE/EE < 18.0.6 / 18.1.4 / 18.2.2 - Cross-Site Scripting (CWE-79)

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-7734. PoCs published by exploitintel.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-7734, a stored XSS vulnerability in GitLab CE/EE. The PoC includes scripts to automate the exploit chain, demonstrating how an attacker can achieve account takeover via malicious JavaScript execution in the blob viewer.

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 14.2 before 18.0.6, 18.1 before 18.1.4 and 18.2 before 18.2.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
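As an added example (not part of the EIP page or the exploitintel PoC), the following Python check maps the three affected ranges from the description above onto a version string of the form GitLab reports from its authenticated GET /api/v4/version endpoint (for example "18.1.3-ee"). The sample response body is constructed for the example, and the function names are assumptions of this example rather than anything from the page.

```python
"""
Affected-version check for CVE-2025-7734.

Ranges come straight from the advisory text: 14.2 up to (excluding) 18.0.6,
18.1 up to (excluding) 18.1.4, 18.2 up to (excluding) 18.2.2.
Added example; not part of the EIP page or the PoC repository.
"""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Start inclusive, end exclusive, per "from 14.2 before 18.0.6" wording.
# The end of each range is also the first patched release on that branch.
AFFECTED_RANGES = (
    ((14, 2, 0), (18, 0, 6)),
    ((18, 1, 0), (18, 1, 4)),
    ((18, 2, 0), (18, 2, 2)),
)

# GitLab version strings carry an edition suffix ("-ee", "-ce") and may
# omit the patch component; only the leading dotted numbers matter here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample of what /api/v4/version returns (not a real capture).
SAMPLE_RESPONSE = '{"version":"18.1.3-ee","revision":"0123abcd"}'


def parse_version(text: str) -> Optional[Version]:
    """Turn '18.1.3-ee' into (18, 1, 3); return None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_affected(version_text: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised GitLab version string: {version_text!r}")
    # Tuple comparison is lexicographic, so (17, 11, 4) < (18, 0, 6) holds.
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fix_for(version_text: str) -> Optional[str]:
    """Return the first fixed release on the instance's branch, or None
    when the version is not affected."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"unrecognised GitLab version string: {version_text!r}")
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return "%d.%d.%d" % hi
    return None


def assess_version_response(body: str) -> dict:
    """Evaluate the JSON body of GET /api/v4/version (the endpoint needs an
    authenticated token) and report exposure plus the upgrade target."""
    version = json.loads(body)["version"]
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        "upgrade_to": fix_for(version) if affected else None,
    }


if __name__ == "__main__":
    print(assess_version_response(SAMPLE_RESPONSE))
```

The check deliberately treats the end of each range as exclusive: 18.0.6, 18.1.4 and 18.2.2 are the patched releases, so an instance reporting exactly one of those strings is not flagged.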

Exploits (1)

GitHub · working PoC · 1 star · by exploitintel · Python PoC
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-7734

Classification: Working PoC (100%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: GitLab Community Edition (CE) / Enterprise Edition (EE) versions 14.2.0 – 18.0.5, 18.1.0 – 18.1.3, 18.2.0 – 18.2.1
Auth required: yes (an authenticated account, matching PR:L in the CVSS vector)
Prerequisites: Docker Engine with Docker Compose plugin · GitLab instance (vulnerable version) · API token or credentials for authentication
Analyzed by devstral-2 on Mar 02, 2026

References (2)

Core references (2)
https://gitlab.com/gitlab-org/gitlab/-/issues/556090 · issue-tracking · permissions-required · link currently reported broken
https://hackerone.com/reports/3247096 · technical-description · exploit · permissions-required

Both core references are access-restricted, so the only public technical detail is the PoC repository listed above.

Scores

CVSS v3.1 base score: 8.7 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Vector: NETWORK
EPSS: 0.0029 (percentile 20.4%)

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: partial

Lab Environment

Vulnerable target image (EIP lab):
docker pull ghcr.io/exploitintel/cve-2025-7734-vulnerable:latest

Details

CWE: CWE-79
Status: published
Products (1): gitlab/gitlab 14.2.0 up to, but excluding, 18.0.6 (2 CPE variants); the 18.1 and 18.2 ranges from the description are not listed separately here
Published: Aug 13, 2025
Tracked Since: Feb 18, 2026