GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues.

The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via “improper rendering of certain file types” leading to attackers hijacking user sessions, stealing sensitive data, or taking control of affected systems.

• Hot Topic

Anthropic’s Mythos reportedly broke NSA classified systems in hours

By infosecbulletin / Monday , June 22 2026

The recent finding shows how powerful Mythos is: the AI can access the US government's secret networks in just a...

Read More

• International

OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment

By infosecbulletin / Monday , June 22 2026

Test before going live is important for AI developers. But there's a problem: testing usually uses fake scenarios that often...

Read More

• Cyber Attack

AryStinger botnet infected thousands of D-Link routers globally

By infosecbulletin / Sunday , June 21 2026

AryStinger has taken control of over 4,000 old D-Link routers to use them as proxies for harmful traffic. The team...

Read More

• International

Hacker suspected of sending alerts across Brazil

By infosecbulletin / Sunday , June 21 2026

Brazil's government suspects a hacking attack triggered an unauthorized ‌alert sent to cell phones across parts of the country early...

Read More

• Hot Topic

CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT

By infosecbulletin / Sunday , June 21 2026

A new open-source cybersecurity tool named CyberSentinel AI v3.0 has come out. It is an important step in self-operated security...

Read More

• Event

Barracuda hosts Dhaka roundtable on cyber resilience

By infosecbulletin / Saturday , June 20 2026

Barracuda gathered industry people in Dhaka on 18 June 2026 for a roundtable talk about cyber resilience. The company shared...

Read More

• Alert
• International

CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices

By infosecbulletin / Saturday , June 20 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) asked Fortinet users with FortiGate devices on Thursday to act to protect...

Read More

• Alert

CISA: Splunk flaw under active exploit, patch by Sunday

By infosecbulletin / Saturday , June 20 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a...

Read More

• Cyber Attack
• Data Breach

Texas data breach exposes 3 million driver’s licenses

By infosecbulletin / Saturday , June 20 2026

The Texas Parks and Wildlife Department (TPWD) revealed a data leak at its license system provider. This leak exposed private...

Read More

• Alert

Critical Cisco ISE Vulnerability Enables Remote Code Execution

By infosecbulletin / Friday , June 19 2026

Cisco has revealed critical security flaws in its Identity Services Engine (ISE). These flaws could let attackers run harmful code...

Read More

GitLab said, “An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.”

This vulnerability has a CVSS score of 8.7, indicating a high severity threat.

Other vulnerabilities addressed in this release include:

CVE-2024-11931: A medium severity flaw (CVSS score 6.4) that could allow developers to “exfiltrate protected CI/CD variables via CI lint.”

CVE-2024-6324: A medium severity denial-of-service (DoS) vulnerability (CVSS score 4.3) related to “cyclic reference of epics.”

GitLab strongly urges all users to update their installations immediately. “We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.”

Cisco Fixes Meeting Management Allowing Privilege Escalation