InfoSecBulletin Cybersecurity for mankind
GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to critical vulnerabilities, including serious Cross-Site Scripting (XSS) issues that may compromise user data.
The Kubernetes proxy vulnerability (CVE-2025-0475) has a CVSS score of 8.7, signifying a high risk. It affects all versions prior to the patched releases starting from 15.10. GitLab notes that this flaw might enable unintended content rendering, leading to XSS attacks. Attackers could exploit this to inject malicious code into a user’s browser, risking credential theft and other malicious activities.
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext
A high-severity XSS vulnerability (CVE-2025-0555) with a CVSS score of 7.7 impacts the Maven Dependency Proxy in GitLab-EE. It affects versions 16.6 and earlier, allowing attackers to bypass security controls and execute arbitrary scripts in a user’s browser under certain conditions.
In addition to the XSS flaws, GitLab has addressed several other security issues:
CVE-2024-8186: A medium-severity vulnerability (CVSS 5.4) permits HTML injection in child item searches, potentially leading to XSS.
CVE-2024-10925: A medium-severity vulnerability (CVSS 5.3) allows guest users to access security policy YAML files.
A medium-severity vulnerability (CVSS 4.3) allows users with limited access to read sensitive project analytics in private projects. (CVE-2025-0307)
Administrators should update their GitLab instances to the latest compatible version.
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab emphasized.
Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts
