EXECUTIVE SUMMARY:
GitLab disclosed multiple high-severity security vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE) deployments. These issues span cross-site scripting (XSS), missing authorization, denial-of-service, and information disclosure flaws, including weaknesses in AI-related features and IDE components. Successful exploitation could allow attackers to execute malicious scripts, access or modify restricted settings, or disrupt services under certain conditions.
- CVE-2025-9222: This vulnerability is a stored cross-site scripting (XSS) flaw in GitLab Flavored Markdown placeholders, allowing authenticated users to inject malicious JavaScript that executes in another user’s browser. Exploitation could lead to session hijacking or unauthorized actions performed in the victim’s context. The vulnerability has a CVSS score of 8.7 (High).
- CVE-2025-13761: This XSS vulnerability exists in GitLab’s Web IDE and can be triggered when a victim interacts with a crafted URL or malicious content. An attacker could leverage this flaw to execute arbitrary scripts in the browser of a logged-in user. The issue is rated CVSS 8.0 (High).
- CVE-2025-13772: This is a missing authorization vulnerability in the Duo Workflows API affecting GitLab Enterprise Edition. Authenticated users may gain unauthorized access to AI model configurations within namespaces they do not own or manage. The vulnerability carries a CVSS score of 7.1 (High).
- CVE-2025-13781: This vulnerability stems from improper authorization checks in an AI-related GraphQL mutation within GitLab EE. An authenticated attacker could modify instance-level AI provider settings without sufficient privileges, potentially impacting system-wide AI behavior. The issue has a CVSS score of 6.5 (High).
- CVE-2025-10569: This is a denial-of-service vulnerability in GitLab’s import functionality. By supplying specially crafted responses from external APIs, an authenticated user could cause excessive resource consumption and service instability. The assigned CVSS score is 6.5 (High).
- CVE-2025-11246: This issue involves insufficient access control in the GraphQL runnerUpdate mutation. Authenticated users with limited permissions could unintentionally or maliciously remove project runners from projects outside their scope. The vulnerability is rated CVSS 5.4 (Medium).
- CVE-2025-3950: This is an information disclosure vulnerability in GitLab’s Mermaid diagram rendering functionality. Specially crafted diagrams may bypass asset proxy protections and leak sensitive connection or metadata information. The issue has a CVSS score of 3.5 (Low).
RECOMMENDATION:
We strongly recommend you update GitLab to version 18.7.1, 18.6.3, or 18.5.5.
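To turn the recommendation above into a repeatable check across an estate of GitLab instances, the following script compares installed version strings against the three patched releases named in this advisory. It is an added example, not GitLab's own tooling: the patched versions come from the advisory, the sample inventory is constructed, and the handling of branches outside 18.5 to 18.7 (later branches treated as fixed, older ones as unpatched) is an assumption of this script rather than a statement from the advisory.

```python
"""Check whether GitLab version strings fall below the patched releases
named in this advisory (18.7.1, 18.6.3, 18.5.5).

Added example for illustration; not GitLab's own tooling. The patched
versions come from the advisory; the sample inputs are constructed.
"""
import re
from typing import Optional, Tuple

# Patched releases from the advisory, keyed by (major, minor) branch.
PATCHED = {
    (18, 7): (18, 7, 1),
    (18, 6): (18, 6, 3),
    (18, 5): (18, 5, 5),
}

# Accepts strings such as "18.6.2", "18.6.2-ee" or "18.6.2-ce"; the suffix is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a GitLab version string, or None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_patched(text: str) -> Optional[bool]:
    """True if the version is at or above the fix for its branch, False if below.

    Assumptions (not stated by the advisory): branches newer than 18.7 are
    treated as already containing the fixes; branches older than 18.5 have no
    listed fix and are reported as unpatched. Returns None for unparsable input.
    """
    version = parse_version(text)
    if version is None:
        return None
    branch = version[:2]
    if branch in PATCHED:
        return version >= PATCHED[branch]
    newest_patched_branch = max(PATCHED)
    return branch > newest_patched_branch


def report(versions):
    """Map each version string to 'patched', 'UNPATCHED' or 'unknown' for a batch of instances."""
    labels = {True: "patched", False: "UNPATCHED", None: "unknown"}
    return {v: labels[is_patched(v)] for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory. In practice each entry would be the "version"
    # field returned by GitLab's GET /api/v4/version endpoint on each instance.
    sample = ["18.7.1-ee", "18.7.0", "18.6.3", "18.6.2-ce", "18.5.5", "18.4.9", "18.8.0", "latest"]
    for ver, status in report(sample).items():
        print(f"{ver:12} {status}")
```

Anything reported as `UNPATCHED` is below the fix for its branch and should be scheduled for the upgrade in the recommendation; `unknown` entries are inventory records that did not contain a parseable version and need manual confirmation.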
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/gitlab-patch-high-severity-xss-ai-flaws-expose-user-data/