CVE-2025-0376
Published: 12 February 2025
Summary
CVE-2025-0376 is a high-severity Cross-site Scripting (CWE-79) vulnerability in GitLab CE/EE. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 14.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): Filters outputs in the GitLab change page to prevent execution of injected malicious scripts, directly addressing the XSS vulnerability.
- SI-10 (Information Input Validation): Validates inputs to the change page component to block injection of unauthorized code by low-privilege authenticated attackers.
- Flaw remediation: Remediates the specific XSS flaw through timely patching to GitLab versions 17.6.5, 17.7.4, or 17.8.2 as specified in the CVE.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw is an XSS bug in GitLab's public-facing web application (T1190); a crafted change page delivered through phishing could be used to hijack a victim's browser session.
NVD Description
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page.
Deeper analysis
CVE-2025-0376 is a cross-site scripting (XSS) vulnerability, mapped to CWE-79, affecting GitLab Community Edition (CE) and Enterprise Edition (EE) in all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. The flaw exists in a change page component and allows injected script to run in a user's browser. Published on 2025-02-12, it carries a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity because the flaw is reachable over the network, has low attack complexity, and has a changed scope with high confidentiality and integrity impact.
An authenticated attacker with low privileges (PR:L) can exploit this by crafting a malicious change page and tricking a user (UI:R) into interacting with it, such as via a phishing link. Exploitation allows execution of unauthorized actions in the victim's browser context, potentially compromising high confidentiality and integrity, such as stealing session data or performing actions on the victim's behalf within the GitLab instance.
Mitigation requires upgrading to patched versions: 17.6.5 or later for the 17.6 series, 17.7.4 or later for the 17.7 series, and 17.8.2 or later for the 17.8 series. Further details on the issue and resolution are documented in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/512603 and the originating HackerOne report at https://hackerone.com/reports/2930243.
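A defender-side triage helper, added here as an example (not code from this page or from GitLab): it parses GitLab version strings and checks them against the affected ranges stated above, returning the first fixed release on the installed branch. The host inventory is constructed sample data, and the `{"version": ...}` shape used for `from_version_api` is an assumption about the `GET /api/v4/version` response.

```python
from __future__ import annotations

# Affected ranges as stated in the NVD description of CVE-2025-0376:
#   >= 13.3 and < 17.6.5, >= 17.7 and < 17.7.4, >= 17.8 and < 17.8.2
AFFECTED_RANGES = [
    ((13, 3, 0), (17, 6, 5)),
    ((17, 7, 0), (17, 7, 4)),
    ((17, 8, 0), (17, 8, 2)),
]


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse '17.7.3', '17.7.3-ee' or '17.8.0-pre' into a comparable tuple.
    Edition/pre-release suffixes after '-' are ignored; missing parts default to 0."""
    core = version.strip().split("-")[0]
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def fixed_version_for(version: str) -> str | None:
    """Return the first patched release for the installed branch, or None if unaffected."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(n) for n in hi)
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def from_version_api(body: dict) -> str:
    """Extract the version from an assumed /api/v4/version JSON body, e.g. {"version": "17.7.3-ee"}."""
    return str(body["version"])


def triage(inventory: dict[str, str]) -> dict[str, str | None]:
    """Map each host to the release it must upgrade to (None when already safe)."""
    return {host: fixed_version_for(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "git-prod.example.internal": "17.7.3-ee",
    "git-staging.example.internal": "17.8.2-ee",
    "git-legacy.example.internal": "16.4.1-ce",
}

if __name__ == "__main__":
    for host, needed in triage(SAMPLE_INVENTORY).items():
        print(host, "->", f"upgrade to {needed}" if needed else "not affected")
```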
Details
- CWE(s)