CVE-2025-8405 Improper Encoding or Escaping of Output in GitLab

🗓️ 11 Dec 2025 04:05:07Reported by GitLabType

CVE-2025-8405 fixed improper encoding that allowed authenticated users to perform unauthorized actions via hypertext injection.

Reporter	Title	Published	Views	Family All 21
FreeBSD	Gitlab -- vulnerabilities	10 Dec 202500:00	–	freebsd
Chainguard	CVE-2025-8405 vulnerabilities	28 Jan 202619:17	–	cgr
Circl	CVE-2025-8405	11 Dec 202504:55	–	circl
CNNVD	GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）安全漏洞	11 Dec 202500:00	–	cnnvd
CVE	CVE-2025-8405	11 Dec 202504:05	–	cve
Debian CVE	CVE-2025-8405	11 Dec 202504:05	–	debiancve
EUVD	EUVD-2025-202646	11 Dec 202504:05	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- vulnerabilities (c6c9306e-d645-11f0-8ce2-2cf05da270f3)	11 Dec 202500:00	–	nessus
Tenable Nessus	GitLab 17.1 < 18.4.6 / 18.5 < 18.5.4 / 18.6 < 18.6.2 (CVE-2025-8405)	12 Feb 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-8405	21 Jan 202600:00	–	nessus

[
  {
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "vendor": "GitLab",
    "versions": [
      {
        "lessThan": "18.4.6",
        "status": "affected",
        "version": "17.1",
        "versionType": "semver"
      },
      {
        "lessThan": "18.5.4",
        "status": "affected",
        "version": "18.5",
        "versionType": "semver"
      },
      {
        "lessThan": "18.6.2",
        "status": "affected",
        "version": "18.6",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/3270940
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/558214
about	www.about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/

16 Dec 2025 10:53Current

CVSS 3.17.7

EPSS0.00009

CWE-116