CVE-2025-0475 & CVE-2025-0555
GitLab’s High-Risk Flaw, Patch Now Urgently!

GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to critical vulnerabilities, including serious Cross-Site Scripting (XSS) issues that may compromise user data.

The Kubernetes proxy vulnerability (CVE-2025-0475) has a CVSS score of 8.7, signifying a high risk. It affects all versions prior to the patched releases starting from 15.10. GitLab notes that this flaw might enable unintended content rendering, leading to XSS attacks. Attackers could exploit this to inject malicious code into a user’s browser, risking credential theft and other malicious activities.

• Event
• International

CYDES 2025
MCSS to implement 6 strategic goals with 7 objectives over 6 year: NACSA Chief

By F2 / Wednesday , July 2 2025

The second day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 further cemented Malaysia’s position as a...

Read More

• International

CYDES 2025
Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

By F2 / Tuesday , July 1 2025

Malaysia's Deputy Prime Minister Datuk Seri Dr. Ahmad Zahid Hamidi said that Malaysia has placed cybersecurity at the heart of...

Read More

• International

Amid Meta moves; OpenAI is largely shutting down next week: Wired

By F2 / Tuesday , July 1 2025

Mark Chen, the chief research officer at OpenAI, sent a forceful memo to staff on Saturday, promising to go head-to-head...

Read More

• Alert
• Hot Topic

Canada orders Hikvision to close operations over national security

By F2 / Tuesday , July 1 2025

The Canadian government ordered Hikvision to stop all operations in the country due to national security concerns. Hikvision, based in...

Read More

• International

First couple “Rosie” to conceive using AI tech “STAR” successfully

By infosecbulletin / Sunday , June 29 2025

Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...

Read More

• Alert
• Cyber Attack

Scattered Spider Actively Attacking Aviation and Transportation: FBI

By infosecbulletin / Saturday , June 28 2025

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...

Read More

• Alert
• Hot Topic
• International

Russia’s restrictions on Cloudflare making websites inaccessible

By F2 / Saturday , June 28 2025

Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...

Read More

• Cyber Attack
• Data Breach

61 million Verizon records allegedly posted online for sale

By infosecbulletin / Saturday , June 28 2025

A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...

Read More

• Hot Topic

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

By infosecbulletin / Friday , June 27 2025

A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...

Read More

• Alert
• Vulnerabilities

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

By infosecbulletin / Friday , June 27 2025

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...

Read More

A high-severity XSS vulnerability (CVE-2025-0555) with a CVSS score of 7.7 impacts the Maven Dependency Proxy in GitLab-EE. It affects versions 16.6 and earlier, allowing attackers to bypass security controls and execute arbitrary scripts in a user’s browser under certain conditions.

In addition to the XSS flaws, GitLab has addressed several other security issues:

CVE-2024-8186: A medium-severity vulnerability (CVSS 5.4) permits HTML injection in child item searches, potentially leading to XSS.

CVE-2024-10925: A medium-severity vulnerability (CVSS 5.3) allows guest users to access security policy YAML files.

A medium-severity vulnerability (CVSS 4.3) allows users with limited access to read sensitive project analytics in private projects. (CVE-2025-0307)

Administrators should update their GitLab instances to the latest compatible version.

“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab emphasized.

Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts