Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-1763 CVSS:8.7

GitLab is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Maven Dependency Proxy.

CVE-2025-0605 CVSS:4.3

A security vulnerability (CVE-2025-0605) was discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The vulnerability relates to group access controls that could potentially allow certain users to bypass two-factor authentication requirement.

Impact

Cross-site Scripting
Gain Access

Indicators of Compromise

CVE

CVE-2025-1763
CVE-2025-0605

Affected Vendors

GitLab

Affected Products

GitLab - 17.9.6
GitLab - 17.10.4
GitLab - 17.11

Remediation

Upgrade to the latest version of GitLab, available from the GitLab Website.

CVE-2025-1763

CVE-2025-0605

DHS Alerts on Pro-Iranian Hacktivist Threats to U.S. Networks

Multiple NETGEAR Products Vulnerabilities

Multiple GitLab Products Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan