CVE-2025-9642

HIGH

GitLab CE/EE <18.2.7-18.4.1 - XSS

Title source: llm

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.

References (2)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/566505

[Permissions Required] https://hackerone.com/reports/3297413

Scores

CVSS v3 8.7

EPSS 0.0003

EPSS Percentile 8.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Classification

CWE

CWE-79

Status published

Affected Products (4)

gitlab/gitlab < 18.2.7

gitlab/gitlab

Timeline

Published Sep 26, 2025

Tracked Since Feb 18, 2026