AI description
CVE-2025-6948 is a cross-site scripting vulnerability (CWE-79) in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects versions 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2, and is fixed in 17.11.6, 18.0.4 and 18.1.2. Under certain conditions, user-supplied content is not properly neutralized before being placed in a page, so an attacker can inject content that is rendered for other users. When a victim views the injected content it runs in the victim's browser with the victim's session and permissions, which lets the attacker execute actions on that user's behalf. GitLab's advisory does not name the affected component or input. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N) indicates that the attacker needs a low-privileged account and that a victim must interact with the injected content; the scope-changed rating reflects that the payload executes in the victim's browser rather than in the vulnerable component itself, with high confidentiality and integrity impact and no availability impact.
- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
- Source
- cve@gitlab.com
- NVD status
- Awaiting Analysis
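As a practical check for the affected ranges quoted in the description, here is an added Python example (not GitLab's code and not part of the original page). It parses a GitLab version string such as the `version` field reported by an instance (handling of an edition suffix like `-ee` is an assumption about the string format) and compares it against the three ranges stated above. Versions older than 17.11 are not named on this page, so the check reports them as outside the stated ranges rather than as safe.

```python
# Added example: check a GitLab version string against the ranges stated in
# the CVE-2025-6948 description. Not GitLab's own code.

# (introduced, fixed) per branch, exactly as the description words it:
# "from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2".
AFFECTED_RANGES = [
    ((17, 11, 0), (17, 11, 6)),
    ((18, 0, 0), (18, 0, 4)),
    ((18, 1, 0), (18, 1, 2)),
]


def parse_version(text):
    """Turn '18.1.1' or '18.1.1-ee' into a (major, minor, patch) tuple.

    Assumption: an optional edition/build suffix follows a '-' and carries no
    ordering information, so it is dropped. A missing patch level means .0.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums if len(nums) == 3 else nums + (0,)


def is_affected(text):
    """True if the version falls inside one of the stated affected ranges.

    Versions below 17.11 or above 18.1.x are not covered by the ranges on the
    page and therefore return False; that is 'not listed', not 'verified safe'.
    """
    version = parse_version(text)
    return any(low <= version < fixed for low, fixed in AFFECTED_RANGES)


def fixed_version_for(text):
    """Return the first fixed release on the same branch, or None if the
    version is not inside a stated affected range."""
    version = parse_version(text)
    for low, fixed in AFFECTED_RANGES:
        if low <= version < fixed:
            return ".".join(str(n) for n in fixed)
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real instance.
    for sample in ["17.11.5-ee", "17.11.6", "18.0.3", "18.0.4-ce", "18.1.1", "18.1.2", "18.2.0"]:
        print(f"{sample:12} affected={is_affected(sample)!s:5} upgrade_to={fixed_version_for(sample)}")
```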
CVSS 3.1
- Type
- Secondary
- Base score
- 8.7
- Impact score
- 5.8
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- Severity
- HIGH
- Weakness source
- cve@gitlab.com
- CWE
- CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
- Hype score
- Not currently trending
⚠️Vulnerability in GitLab ❗CVE-2025-6948 ➡️More info: https://t.co/BrGomNhg7b https://t.co/qcs7xR7kmZ
@CERTpy
17 Jul 2025
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitLab has released important security patches addressing four vulnerabilities. The most serious is an XSS vulnerability (CVE-2025-6948) with a CVSS score of 8.7, which allows malicious content injection to carry out actions while impersonating a user. …
@yousukezan
10 Jul 2025
1037 Impressions
2 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-6948 GitLab CE/EE Authentication Bypass Vulnerability Across Multiple Versions https://t.co/Rm8xuPDxKo
@VulmonFeeds
10 Jul 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-6948: HIGH] Critical vulnerability in GitLab CE/EE versions 17.11 to 18.1.2 could enable attackers to execute actions on users' behalf by injecting malicious content. Update to versions 17.11.6, 18.0...#cve,CVE-2025-6948,#cybersecurity https://t.co/F3ZcFzFPur https://t.
@CveFindCom
10 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-6948(CVSS 8.7)XSS and Authorization Bypass 🎯500K+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/xSH5u1E3CB FOFA Query:app="GitLab" 🔖Refer:https://t.co/cqjIaogVVd #OSINT #FOFA #CyberSecurity #Vulnerability
@fofabot
10 Jul 2025
4525 Impressions
21 Retweets
74 Likes
44 Bookmarks
0 Replies
0 Quotes