InfoSecBulletin Cybersecurity for mankind
GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable cross-site scripting (XSS) attacks and bypass group restrictions.
CVE-2025-6948 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 8.7. It affects all versions prior to 17.11.6, 18.0.4, and 18.1.2. GitLab states that this flaw lets attackers execute actions for users by injecting harmful content, potentially compromising sessions, altering project data, or enabling phishing attacks.
Microsoft warns of active directory and office vulnarability
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
CVE-2025-3396 is a flaw in GitLab CE/EE versions from 13.3 to 17.11.6, 18.0 to 18.0.4, and 18.1 to 18.1.2 that involves improper authorization. It has a CVSS score of 4.3 and lets authenticated project owners bypass forking restrictions by manipulating the API.
CVE-2025-4972 affects only GitLab EE and has a CVSS score of 2.7. Authenticated users with group invitation rights can bypass admin restrictions through specially crafted API requests. Affected versions are 18.0 prior to 18.0.4 and 18.1 prior to 18.1.2.
The new vulnerability in GitLab EE, CVE-2025-6168, affects versions 18.0 before 18.0.4 and 18.1 before 18.1.2, with a CVSS score of 2.7. It allows maintainers to invite users to restricted groups through special API requests, bypassing admin controls.
GitLab has upgraded its rsync utility to version 3.4.1 to fix vulnerabilities CVE-2024-12084 and CVE-2024-12088. They advise all self-managed GitLab administrators to update to versions 18.1.2, 18.0.4, or 17.11.6 right away.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab stated in its advisory.
