GitLab Publishes Security Update Addressing Several Vulnerabilities in Community and Enterprise Edition


GitLab has released critical security patches addressing six vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with two high-severity cross-site scripting (XSS) flaws requiring immediate attention from self-managed installations.

The security update, distributed through versions 18.2.1, 18.1.3, and 18.0.5, fixes vulnerabilities that could allow unauthorized access to sensitive information and enable malicious script execution in specific deployment scenarios.

Critical Security Vulnerabilities Identified

The most severe issues identified in this security release center around cross-site scripting vulnerabilities affecting GitLab’s Kubernetes proxy functionality.

CVE-2025-4700, with a CVSS score of 8.7, is a high-severity XSS vulnerability that could allow authenticated attackers to trigger unintended content rendering under specific circumstances. It affects all GitLab CE/EE versions from 15.10 up to, but not including, the patched releases.
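
For self-managed installations, the version range above can be turned into a triage check. The following is an added example, not code from GitLab or from the original story; it assumes each patched release (18.0.5, 18.1.3, 18.2.1) fixes only its own major.minor line and that later lines already include the fix, and the inventory hostnames are constructed.

```python
import re

# From the article: first affected release and the three patched releases.
FIRST_AFFECTED = (15, 10, 0)
PATCHED = [(18, 0, 5), (18, 1, 3), (18, 2, 1)]


def parse_version(text):
    """Parse '18.1.2', 'v18.1.2-ee' or '15.10' into (major, minor, patch)."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version_text):
    """True if the version lies in the CVE-2025-4700 range described above."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return False
    # Assumption: a patched release only covers its own major.minor line.
    for fixed in PATCHED:
        if v[:2] == fixed[:2]:
            return v < fixed
    # Assumption: lines older than the oldest patched line received no fix,
    # and lines newer than the newest patched line already contain it.
    return v[:2] < min(p[:2] for p in PATCHED)


def triage(inventory):
    """Map each host to 'affected', 'ok' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "18.1.2-ee",
    "gitlab-b.example.internal": "18.2.1",
    "gitlab-c.example.internal": "17.11.4",
    "gitlab-d.example.internal": "unreadable",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```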

CVE ID Severity CVSS Score Description Affected Versions
CVE-2025-4700 High 8.7 XSS in ...

Copyright of this story solely belongs to gbhackers.