GitLab has released urgent security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition.
The company released versions 18.5.2, 18.4.4, and 18.3.6 to fix critical security issues that could allow attackers to compromise sensitive information and bypass access controls.
The most concerning vulnerability involves prompt injection attacks in GitLab Duo’s review feature. Attackers can inject hidden malicious prompts directly into merge request comments.
These hidden instructions trick the AI system into leaking sensitive information from confidential issues. This vulnerability affects GitLab Enterprise Edition versions 17.9 and later, potentially exposing confidential project data to unauthorized users.
Beyond prompt injection, GitLab patched nine additional vulnerabilities ranging from high to low severity.
CVE ID         | Vulnerability Title                                   | Type                   | Severity | CVSS Score
---------------|-------------------------------------------------------|------------------------|----------|-----------
CVE-2025-11224 | Cross-site scripting issue in k8s proxy               | XSS                    | High     | 7.7
CVE-2025-11865 | Incorrect Authorization issue in workflows            | Authorization Bypass   | Medium   | 6.5
CVE-2025-2615  | Information Disclosure issue in GraphQL subscriptions | Information Disclosure | Medium   | 4.3
CVE-2025-7000  | Information Disclosure issue in access control        | Information Disclosure | Medium   | 4.3
CVE-2025-6945  | Prompt Injection issue in GitLab Duo review           | Prompt Injection       | Low      | 3.5
CVE-2025-6171  | Information Disclosure issue in packages API endpoint | Information Disclosure | Low      | 3.1
CVE-2025-11990 | Client Side Path Traversal issue in branch names      | Path Traversal         | Low      | 3.1
CVE-2025-7736  | Improper Access Control issue in GitLab Pages         | Access Control         | Low      | 3.1
CVE-2025-12983 | Denial of service issue in markdown                   | Denial of Service      | Low      | 3.1
A cross-site scripting (XSS) vulnerability in the Kubernetes proxy allows authenticated users to execute malicious scripts, affecting versions 15.10 and later.
An authorization bypass in workflows lets users remove AI flows belonging to other users, compromising workflow integrity. Information disclosure vulnerabilities also pose serious risks.
Attackers can access sensitive data through multiple vectors: blocked users establishing GraphQL subscriptions, unauthorized viewing of branch names through access control weaknesses, and information leakage via the packages API endpoint, even when repository access is disabled.
Additional vulnerabilities include path-traversal issues affecting branch names, improper access control in GitLab Pages that allows OAuth authentication bypasses, and denial-of-service attacks via specially crafted Markdown content.
GitLab strongly recommends upgrading to the patched versions immediately. The company has already updated GitLab.com, and GitLab Dedicated customers require no action.
Self-managed installations must prioritize immediate upgrades, as these vulnerabilities directly affect customer data security. The patches include database migrations that may affect upgrade processes.
Single-node instances will experience downtime during the update, while multi-node installations can upgrade without downtime by following GitLab's zero-downtime upgrade procedure.
GitLab researchers discovered most vulnerabilities through the HackerOne bug bounty program. The company commits to releasing security details 30 days after each patch on its public issue tracker.
All affected organizations should review their current GitLab versions and deploy patches without delay to protect against these escalating security threats.
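A quick way to triage a fleet against this advisory is to compare each instance's reported version with the fixed releases named above. The following helper is an added example written for this article, not GitLab's own tooling; it assumes a version string of the form MAJOR.MINOR.PATCH (optionally suffixed with -ee or -ce), treats minor lines newer than 18.5 as "unlisted" because the advisory names no release for them, and uses only the affected-version floors the article states (17.9 for the Duo prompt injection, 15.10 for the k8s proxy XSS).

```python
# Added example (not from the article or from GitLab): triage a GitLab
# version string against the fixed releases named in this advisory.
import re

# Fixed releases from the advisory, keyed by minor line.
PATCHED = {(18, 5): (18, 5, 2), (18, 4): (18, 4, 4), (18, 3): (18, 3, 6)}

# "Affects X and later" floors stated in the article (assumed to mean X.0).
AFFECTED_FROM = {
    "CVE-2025-6945": (17, 9, 0),    # GitLab Duo review prompt injection
    "CVE-2025-11224": (15, 10, 0),  # XSS in the Kubernetes proxy
}


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', ignoring an optional '-ee'/'-ce' suffix."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-[a-z]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def patch_status(version: str) -> str:
    """'patched' if at/after the fixed release of its minor line,
    'unlisted' for lines newer than any named here (assumption: no
    release is named for them), otherwise 'unpatched'. Lines older than
    18.3 have no fixed release in this advisory, so they are 'unpatched'."""
    v = parse_version(version)
    fixed = PATCHED.get(v[:2])
    if fixed is None:
        return "unlisted" if v[:2] > max(PATCHED) else "unpatched"
    return "patched" if v >= fixed else "unpatched"


def affected_by(version: str) -> list[str]:
    """CVEs whose stated version floor an unpatched instance meets."""
    if patch_status(version) == "patched":
        return []
    v = parse_version(version)
    return [cve for cve, floor in AFFECTED_FROM.items() if v >= floor]


if __name__ == "__main__":
    # Constructed sample inventory: instance name -> reported version.
    fleet = {"ci-prod": "18.5.1-ee", "ci-staging": "18.4.4-ee", "legacy": "17.8.2"}
    for name, ver in fleet.items():
        print(f"{name:12} {ver:10} {patch_status(ver):9} {affected_by(ver)}")
```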
The post Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data appeared first on Cyber Security News.