Security vulnerabilities: GitLab developers recommend quick update

The GitLab software development platform is vulnerable. Security updates have closed several vulnerabilities.


According to a warning message, if attacks are successful, attackers may execute their own commands (CVE-2025-0376, "high"), trigger crashes (CVE-2025-12379, "medium") or access data that is actually sealed off (CVE-2024-3303, "medium").

It is not yet clear how such attacks could take place or whether attacks are already under way. Administrators who run GitLab installations should quickly install one of the versions secured against the attacks described: 17.6.5, 17.7.4 or 17.8.2. According to the developers, these versions are already running on gitlab.com. GitLab Dedicated customers need not do anything.
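For administrators with more than one instance, the following added example (not from the article or from GitLab) triages a version inventory against the three fixed releases named above. The hostnames and installed versions are constructed sample data, and treating branches newer than 17.8 as already fixed is an assumption.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(17, 6): 5, (17, 7): 4, (17, 8): 2}

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '17.7.3-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(version_text):
    """Return (status, upgrade_target) for one installed version."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED:
        # Compare patch levels as integers so that 17.6.10 sorts above 17.6.5.
        if patch >= FIXED[branch]:
            return ("fixed", None)
        return ("update", f"{major}.{minor}.{FIXED[branch]}")
    if branch > max(FIXED):
        # Assumption: branches released after 17.8 already contain the fixes.
        return ("newer-branch", None)
    # The article lists no fixed release for this branch, so the target is
    # the lowest listed fixed release above it.
    target = min(b for b in FIXED if b > branch)
    return ("update", "%d.%d.%d" % (*target, FIXED[target]))

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "gitlab-a.example.internal": "17.8.2-ee",
    "gitlab-b.example.internal": "17.7.3",
    "gitlab-c.example.internal": "17.5.9-ee",
    "gitlab-d.example.internal": "17.6.4",
}

def report(inventory):
    """Map each host to its (status, upgrade_target) pair."""
    return {host: triage(v) for host, v in sorted(inventory.items())}

if __name__ == "__main__":
    for host, (status, target) in report(INVENTORY).items():
        print(f"{host:28} {status:13} {target or '-'}")
```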

Most of the vulnerabilities were reported via the bug bounty platform HackerOne.


(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.