Cyber Resilience

CVE-2025-0376

Severity: High

Published: 12 February 2025
Modified: 06 August 2025
KEV Added: not listed
Patch: fixed in 17.6.5, 17.7.4 and 17.8.2
CVSS v3.1 score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
EPSS score: 0.0318 (87.3rd percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-0376 is a high-severity Cross-site Scripting (CWE-79) vulnerability in GitLab CE/EE (vendor/product: Gitlab Gitlab). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). By EPSS the CVE ranks in the top 12.7% of all CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

An XSS vulnerability tracked as CVE-2025-0376 affects GitLab Community Edition and Enterprise Edition in all versions from 13.3 up to but not including 17.6.5, 17.7 up to but not including 17.7.4, and 17.8 up to but not including 17.8.2. The flaw, assigned CWE-79, resides in the change page and carries a CVSS 3.1 score of 8.7, reflecting a network attack vector, low attack complexity, low privileges required and user interaction required, with high impact on confidentiality and integrity but none on availability.

An attacker with low privileges can exploit the issue to execute unauthorized actions in a victim's session by supplying malicious content that is rendered on the change page, enabling cross-site scripting that bypasses intended access controls.

The associated EPSS score remains flat at 0.0318 with no material increase after disclosure. Public references point to a GitLab issue tracker entry and a HackerOne report for further technical detail.


Vulnerability details

An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
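The affected ranges above are the input a defender actually needs when checking an inventory. The following is an added example (not GitLab's code and not from the advisory) that encodes those three ranges as half-open intervals, parses GitLab-style version strings such as `17.7.3-ee`, and maps each affected host to the fixed release in its own branch; the `inventory` dictionary and hostnames are constructed sample data.

```python
"""Affected-version triage for CVE-2025-0376 (added example, not GitLab's code).

Ranges are taken from the advisory text:
  13.3 <= v < 17.6.5,  17.7 <= v < 17.7.4,  17.8 <= v < 17.8.2
"""
from typing import Dict, Optional, Tuple

# Affected ranges as (inclusive lower bound, exclusive upper bound).
AFFECTED_RANGES = [
    ("13.3.0", "17.6.5"),
    ("17.7.0", "17.7.4"),
    ("17.8.0", "17.8.2"),
]

# First fixed release in each maintained branch, as stated in the advisory.
FIXED_VERSIONS = ["17.6.5", "17.7.4", "17.8.2"]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'vX.Y.Z', 'X.Y' or 'X.Y.Z-ee' style strings into a comparable tuple.

    GitLab reports versions such as '17.7.3-ee'; the '-ee' / '+build' suffix
    does not change the numeric comparison, so it is stripped.
    """
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = tuple(int(p) for p in core.split("."))
    # Pad to three components so '17.7' compares like '17.7.0'.
    return parts + (0,) * (3 - len(parts))


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected half-open range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in AFFECTED_RANGES)


def remediation_target(version: str) -> Optional[str]:
    """Fixed version in the same minor branch, or None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed)[:2] == v[:2]:
            return fixed
    # Branches older than 17.6 received no fix of their own: the oldest
    # fixed release is the minimum upgrade target.
    return FIXED_VERSIONS[0]


def triage(inventory: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map hostname -> required upgrade (None means already outside the ranges)."""
    return {host: remediation_target(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "git-prod-01": "17.7.3-ee",
        "git-prod-02": "17.7.4-ee",
        "git-legacy": "16.0.2",
        "git-new": "17.9.0",
    }
    for host, target in triage(sample).items():
        print(f"{host}: {'upgrade to ' + target if target else 'not affected'}")
```

Versions that precede 13.3 are reported as not affected because the advisory's lower bound is 13.3; anything that old is unsupported and should be handled by a separate end-of-life rule rather than by this check.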

CWE(s)

CWE-79: Cross-site Scripting

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1185 Browser Session Hijacking (Collection): Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user behaviors, and intercept information as part of various browser session hijacking techniques.

Why these techniques?

XSS in the public-facing GitLab web app enables browser session hijacking via crafted pages and phishing delivery.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-6948 (same product: Gitlab Gitlab)
- CVE-2025-13761 (same product: Gitlab Gitlab)
- CVE-2025-9222 (same product: Gitlab Gitlab)
- CVE-2025-11224 (same product: Gitlab Gitlab)
- CVE-2026-7481 (same product: Gitlab Gitlab)
- CVE-2025-0475 (same product: Gitlab Gitlab)
- CVE-2025-14560 (same product: Gitlab Gitlab)
- CVE-2025-2255 (same product: Gitlab Gitlab)
- CVE-2026-0752 (same product: Gitlab Gitlab)
- CVE-2025-0314 (same product: Gitlab Gitlab)

Affected Assets

Vendor: gitlab
Product: gitlab
Version ranges: 13.3.0 — 17.6.5 · 17.7.0 — 17.7.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

- Prevent (SI-15 Information Output Filtering): Filters outputs in the GitLab change page to prevent execution of injected malicious scripts, directly addressing the XSS vulnerability.
- Prevent (SI-10 Information Input Validation): Validates inputs to the change page component to block injection of unauthorized code by low-privilege authenticated attackers.
- Prevent: Remediates the specific XSS flaw through timely patching to GitLab versions 17.6.5, 17.7.4, or 17.8.2 as specified in the CVE.
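The first two controls are generic and worth seeing in code. The following is an added example (not GitLab's code) showing the pattern the controls describe: the same template rendered once with raw interpolation (the vulnerable shape) and once with context-appropriate HTML encoding (SI-15), plus a simple input-validation gate (SI-10) and a detection helper that flags markup which is not part of the template. The `UNTRUSTED` title string and the `TEMPLATE` are constructed for the example.

```python
"""Output encoding vs raw interpolation for an HTML text context (added example)."""
import html
import re
from typing import Iterable

# Constructed sample: user-controlled text that ends up on a rendered page.
UNTRUSTED = "Fix typo <script>alert(1)</script> in README"

# Constructed template; only the <h1> tag is trusted markup.
TEMPLATE = "<h1>{title}</h1>"
TRUSTED_TAGS = ("h1",)

# Matches the start of any HTML tag, including closing tags.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def render_unsafe(title: str) -> str:
    """Vulnerable shape: untrusted text interpolated straight into HTML."""
    return TEMPLATE.format(title=title)


def render_safe(title: str) -> str:
    """SI-15 shape: encode the HTML metacharacters for the text context."""
    return TEMPLATE.format(title=html.escape(title, quote=True))


def validate_title(title: str, max_len: int = 255) -> bool:
    """SI-10 shape: reject input that violates the field's own contract.

    A title is a single line of bounded length; control characters and
    newlines are never legitimate here. Validation complements encoding,
    it does not replace it.
    """
    if not title or len(title) > max_len:
        return False
    return all(ch.isprintable() for ch in title)


def foreign_tags(rendered: str, trusted: Iterable[str] = TRUSTED_TAGS) -> list:
    """Detection helper: tag names present in output that the template did not put there."""
    allowed = {t.lower() for t in trusted}
    return [m.group(1) for m in TAG_RE.finditer(rendered) if m.group(1).lower() not in allowed]


if __name__ == "__main__":
    print("validates:", validate_title(UNTRUSTED))
    print("unsafe   :", render_unsafe(UNTRUSTED), foreign_tags(render_unsafe(UNTRUSTED)))
    print("safe     :", render_safe(UNTRUSTED), foreign_tags(render_safe(UNTRUSTED)))
```

Note that `validate_title` accepts the sample string: angle brackets are printable and legitimate in a commit or merge-request title, which is exactly why validation alone cannot stop this class of bug and output encoding at the point of rendering is the control that closes it.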
