CVE-2025-0314
Published: 24 January 2025
Summary
CVE-2025-0314 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gitlab Gitlab. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 7.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses XSS by requiring output filtering prior to rendering file contents in the GitLab interface.
Validates inputs such as file contents before processing or storage to block malicious scripts that could lead to XSS during rendering.
Mandates timely flaw remediation through patching to fixed GitLab versions (17.6.4, 17.7.3, 17.8.1), eliminating the improper rendering vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS via improper file rendering directly enables exploitation of the public-facing GitLab web app (T1190) and arbitrary JavaScript execution in victim browsers (T1059.007).
NVD Description
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types lead to cross-site scripting.
Deeper analysisAI
CVE-2025-0314 is a cross-site scripting (XSS) vulnerability, classified as CWE-79, discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions from 17.2 prior to 17.6.4, 17.7 prior to 17.7.3, and 17.8 prior to 17.8.1. The root cause is improper rendering of certain file types, which enables XSS attacks within the GitLab interface.
With a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), the vulnerability can be exploited over the network by an attacker possessing low privileges, such as a regular authenticated user. Exploitation requires low complexity but user interaction, typically by tricking a victim into viewing or interacting with a malicious file in GitLab. Success grants high confidentiality and integrity impacts across the changed scope, allowing potential theft of session data, cookies, or execution of arbitrary scripts in the victim's browser context.
Advisories indicate mitigation through upgrading to patched versions: 17.6.4, 17.7.3, or 17.8.1 and later. Additional details are available in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/512118 and the originating HackerOne report at https://hackerone.com/reports/2922313.
Details
- CWE(s)