InfoSecBulletin Cybersecurity for mankind
GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable cross-site scripting (XSS) attacks and bypass group restrictions.
CVE-2025-6948 is a critical cross-site scripting (XSS) vulnerability with a CVSS score of 8.7. It affects all versions prior to 17.11.6, 18.0.4, and 18.1.2. GitLab states that this flaw lets attackers execute actions for users by injecting harmful content, potentially compromising sessions, altering project data, or enabling phishing attacks.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
CVE-2025-3396 is a flaw in GitLab CE/EE versions from 13.3 to 17.11.6, 18.0 to 18.0.4, and 18.1 to 18.1.2 that involves improper authorization. It has a CVSS score of 4.3 and lets authenticated project owners bypass forking restrictions by manipulating the API.
CVE-2025-4972 affects only GitLab EE and has a CVSS score of 2.7. Authenticated users with group invitation rights can bypass admin restrictions through specially crafted API requests. Affected versions are 18.0 prior to 18.0.4 and 18.1 prior to 18.1.2.
The new vulnerability in GitLab EE, CVE-2025-6168, affects versions 18.0 before 18.0.4 and 18.1 before 18.1.2, with a CVSS score of 2.7. It allows maintainers to invite users to restricted groups through special API requests, bypassing admin controls.
GitLab has upgraded its rsync utility to version 3.4.1 to fix vulnerabilities CVE-2024-12084 and CVE-2024-12088. They advise all self-managed GitLab administrators to update to versions 18.1.2, 18.0.4, or 17.11.6 right away.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab stated in its advisory.
