First published: Fri Jan 24 2025(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >17.2<17.6.4>17.7<17.7.3>17.8<17.8.1 |
Upgrade to versions 17.6.4, 17.7.3, 17.8.1 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-0314 has been rated as a medium severity vulnerability due to the potential for cross-site scripting attacks.
To fix CVE-2025-0314, upgrade your GitLab CE/EE to versions 17.6.4, 17.7.3, or 17.8.1 or later.
CVE-2025-0314 affects GitLab CE/EE versions from 17.2 up to but not including 17.6.4, 17.7 up to but not including 17.7.3, and 17.8 up to but not including 17.8.1.
CVE-2025-0314 is a cross-site scripting (XSS) vulnerability caused by improper rendering of certain file types.
Yes, CVE-2025-0314 can be exploited remotely, enabling an attacker to execute malicious scripts in the context of a user's session.