- Description: An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.
- Source: cve@gitlab.com
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Secondary
- Base score: 8.7
- Impact score: 5.8
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- Severity: HIGH
- Source: cve@gitlab.com
- Weakness: CWE-80
- Hype score: Not currently trending
CVE-2025-4278, -5121 and others: Multiple vulns in GitLab, 3.7 - 8.7 rating❗️ In recent patch notes, GitLab reported ten vulns, including HTML injection, XSS, DoS, and more. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/3MbV1r6E5K #cybersecurity #vulnerability_
@Netlas_io
19 Jun 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability (CVE-2025-4278) has been discovered in "GitLab". #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/XMEdMTeBGZ
@CERTAzerbaijan
18 Jun 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4278 (CVSS:8.7, HIGH) is Awaiting Analysis. An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain cond..https://t.co/W70tYOx3eX #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
17 Jun 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ GitLab has patched high-severity vulnerabilities, including an HTML injection flaw (CVE-2025-4278) that allows account takeovers and a missing authentication issue (CVE-2025-5121) that enables malicious CI/CD job injections. Admins are urged to upgrade. Key takeaways:
@gossy_84
13 Jun 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Good morning! It seems that account takeover was possible in GitLab via CVE-2025-4278. Immediate upgrade to the latest patch version is strongly recommended, so users should check this 🔍
@altelab8
13 Jun 2025
19 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
In June 2025, GitLab released versions 18.0.2, 17.11.4 and 17.10.8 to address multiple serious vulnerabilities. In particular, CVE-2025-4278 and CVE-2025-2254 enable account takeover and XSS attacks, and CI/CD tampering and denial of service
@yousukezan
12 Jun 2025
1702 Impressions
9 Retweets
14 Likes
3 Bookmarks
0 Replies
0 Quotes
GitLab has released security patches for versions 18.0.2, 17.11.4, and 17.10.8 to fix critical vulnerabilities, including account takeover via HTML injection (CVE-2025-4278) and malicious CI/CD job injections (CVE-2025-5121). Stay updated! 🔒 #GitLab #Se… https://t.co/vGyM6jK
@TweetThreatNews
12 Jun 2025
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4278 An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could l… https://t.co/gv6FV8vAf2
@CVEnew
12 Jun 2025
400 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4278: HIGH] Critical vulnerability in GitLab CE/EE versions 18.0 to 18.0.2 allows for HTML injection leading to potential account takeover. Update recommended ASAP. #cve, CVE-2025-4278, #cybersecurity https://t.co/qR5yrsEvl7 https://t.co/CGqL3JElEP
@CveFindCom
12 Jun 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes