
We found results for “”
CVE-2025-9642
Good to know:


Date: September 26, 2025
An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could allow an attacker to inject malicious content that may lead to account takeover.
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version https://gitlab.com/gitlab-org/gitlab.git - v18.2.7-ee;https://gitlab.com/gitlab-org/gitlab.git - v18.3.3-ee;https://gitlab.com/gitlab-org/gitlab.git - v18.4.1
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | NONE |