- Description
- An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
- Source
- cve@gitlab.com
- NVD status
- Analyzed
- Products
- gitlab
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- cve@gitlab.com
- CWE-79
- Hype score
- Not currently trending
⚠️Vulnerability in GitLab ❗CVE-2025-6948 ➡️More info: https://t.co/BrGomNhg7b https://t.co/qcs7xR7kmZ
@CERTpy
17 Jul 2025
104 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
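GitLab has released an important security patch addressing four vulnerabilities. The most severe is an XSS vulnerability with a CVSS score of 8.7 (CVE-2025-6948), which makes it possible to perform actions while impersonating a user through injection of malicious content. こ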
@yousukezan
10 Jul 2025
1037 Impressions
2 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-6948 GitLab CE/EE Authentication Bypass Vulnerability Across Multiple Versions https://t.co/Rm8xuPDxKo
@VulmonFeeds
10 Jul 2025
100 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-6948: HIGH] Critical vulnerability in GitLab CE/EE versions 17.11 to 18.1.2 could enable attackers to execute actions on users' behalf by injecting malicious content. Update to versions 17.11.6, 18.0...#cve,CVE-2025-6948,#cybersecurity https://t.co/F3ZcFzFPur https://t.
@CveFindCom
10 Jul 2025
90 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-6948(CVSS 8.7)XSS and Authorization Bypass 🎯500K+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/xSH5u1E3CB FOFA Query:app="GitLab" 🔖Refer:https://t.co/cqjIaogVVd #OSINT #FOFA #CyberSecurity #Vulnerability
@fofabot
10 Jul 2025
4525 Impressions
21 Retweets
74 Likes
44 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "matchCriteriaId": "60F87BFE-7A24-4D47-BC2D-7E03A36A01C0",
            "versionEndExcluding": "17.11.6",
            "versionStartIncluding": "17.11.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "F8DBDAFE-3F46-4DB7-B9A8-666CD2168228",
            "versionEndExcluding": "17.11.6",
            "versionStartIncluding": "17.11.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "matchCriteriaId": "A4839A98-785F-41DD-A6A1-51476E823CFE",
            "versionEndExcluding": "18.0.4",
            "versionStartIncluding": "18.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "4F27FCAE-C2B3-489C-AEDB-BA19DD32DE7A",
            "versionEndExcluding": "18.0.4",
            "versionStartIncluding": "18.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
            "matchCriteriaId": "BE71AB34-398E-4A9B-A90C-63B1CD883426",
            "versionEndExcluding": "18.1.2",
            "versionStartIncluding": "18.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "163718AE-806A-4D9C-ADA1-30FBFA87C317",
            "versionEndExcluding": "18.1.2",
            "versionStartIncluding": "18.1.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]