PT-2025-25288 · Gitlab · Gitlab Ce/Ee

🗓️ 11 Jun 2025 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

GitLab CE/EE versions are vulnerable to Cross-Site scripting attacks; updates are recommended.

Reporter	Title	Published	Views	Family All 19
FreeBSD	Gitlab -- Vulnerabilities	11 Jun 202500:00	–	freebsd
BDU FSTEC	The vulnerability of the tool for viewing content parameters on a software platform based on Git, which is used for collaborative code development on GitLab. This vulnerability stems from the lack of protective measures for website structures, allowing attackers to carry out XSS attacks.	13 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-2254	12 Jun 202510:33	–	circl
CNNVD	GitLab Community Edition和GitLab Enterprise Edition 跨站脚本漏洞	12 Jun 202500:00	–	cnnvd
CVE	CVE-2025-2254	12 Jun 202510:02	–	cve
Cvelist	CVE-2025-2254 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab	12 Jun 202510:02	–	cvelist
Debian CVE	CVE-2025-2254	12 Jun 202510:02	–	debiancve
EUVD	EUVD-2025-18168	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (ae028662-475e-11f0-9ca4-2cf05da270f3)	13 Jun 202500:00	–	nessus
Tenable Nessus	GitLab 17.9 < 17.10.8 / 17.11 < 17.11.4 / 18.0 < 18.0.2 (CVE-2025-2254)	12 Jun 202500:00	–	nessus

Source	Link
hackerone	www.hackerone.com/reports/2973939
osv	www.osv.dev/vulnerability/CVE-2025-2254
osv	www.osv.dev/vulnerability/UBUNTU-CVE-2025-2254
ubuntu	www.ubuntu.com/security/CVE-2025-2254
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-2254
safe-surf	www.safe-surf.ru/specialists/bulletins-nkcki/722073
osv	www.osv.dev/vulnerability/BIT-gitlab-2025-2254
bdu	www.bdu.fstec.ru/vul/2025-06728
cve	www.cve.org/CVERecord
t	www.t.me/cvetracker/26079

27 Jul 2025 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 3.16.1 - 8.7

EPSS0.00281

SSVC

gitlab ce gitlab ee cross-site scripting software vulnerability version updates