Severity
Medium
Analysis Summary
CVE-2025-1763 CVSS:8.7
GitLab is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Maven Dependency Proxy.
CVE-2025-0605 CVSS:4.3
A security vulnerability (CVE-2025-0605) was discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. The vulnerability relates to group access controls that could potentially allow certain users to bypass the two-factor authentication requirement.
Impact
- Cross-site Scripting
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-1763
- CVE-2025-0605
Affected Vendors
- GitLab
Affected Products
- GitLab - 17.9.6
- GitLab - 17.10.4
- GitLab - 17.11
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.
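To find instances that still need this upgrade, the version ranges quoted above for CVE-2025-0605 can be checked against an inventory. The following Python is an added example, not code from GitLab or from this advisory; the host names and inventory are constructed, and the range table covers only CVE-2025-0605 because the page gives no version ranges for CVE-2025-1763.

```python
import re

# Affected ranges for CVE-2025-0605 as stated in the advisory text,
# expressed as [first affected, first fixed) per release line.
AFFECTED_RANGES = [
    ((16, 8, 0), (17, 10, 7)),
    ((17, 11, 0), (17, 11, 3)),
    ((18, 0, 0), (18, 0, 1)),
]

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z', ignoring a leading 'v' and suffixes such as '-ee'.

    A missing patch number is treated as 0. Suffixes are dropped, so a
    pre-release build compares equal to its release number.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(p) if p is not None else 0 for p in m.groups())

def is_affected(version_text):
    """True if the version falls inside any range listed for CVE-2025-0605."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each host to 'upgrade', 'ok', or 'check manually' (unparseable)."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = "upgrade" if is_affected(version_text) else "ok"
        except ValueError:
            report[host] = "check manually"
    return report

# Constructed sample inventory (hypothetical hosts, not from the advisory).
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "17.9.6",
    "gitlab-b.example.internal": "17.10.4-ee",
    "gitlab-c.example.internal": "17.11",
    "gitlab-d.example.internal": "18.0.1",
    "gitlab-e.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```
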