CVE-2025-0475 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances...

CVE-2025-0475

The CVE-2025-0475 affects GitLab CE/EE versions 15.10 up to 17.7.6, 17.8 up to 17.8.4, and 17.9 up to 17.9.1. A proxy feature could allow unintended content rendering and cross-site scripting (XSS) under specific conditions. Remediation: upgrade to GitLab 17.7.6, 17.8.4, or 17.9.1 (the fixed rele...