CVE-2025-0555
Published: 03 March 2025
Summary
CVE-2025-0555 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gitlab Gitlab. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Information Output Filtering directly prevents XSS by encoding or sanitizing output to web pages, blocking arbitrary script execution in users' browsers.
Information Input Validation sanitizes user inputs to prevent malicious script injection that bypasses GitLab's security controls.
Flaw Remediation ensures timely patching of the specific XSS vulnerability in GitLab-EE versions, as recommended in the advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS vulnerability directly enables arbitrary JavaScript execution in the victim's browser and facilitates session hijacking as described in the impacts.
NVD Description
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser…
more
under specific conditions.
Deeper analysisAI
CVE-2025-0555 is a Cross-Site Scripting (XSS) vulnerability, classified under CWE-79, in GitLab Enterprise Edition (GitLab-EE). It affects all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. Published on 2025-03-03, the flaw enables an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions. The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its potential for confidentially and integrity impacts.
An attacker requires low privileges (PR:L), such as access as a project member or similar role within the affected GitLab instance, to exploit this vulnerability over the network (AV:N). Exploitation demands high attack complexity (AC:H) and user interaction (UI:R), typically tricking a victim into performing an action like visiting a crafted page or interacting with malicious content. Upon success, the attack changes scope (S:C), allowing arbitrary script execution in the victim's browser, which can lead to high confidentiality (C:H) and integrity (I:H) impacts, such as session hijacking or data exfiltration, with no availability disruption (A:N).
Mitigation requires upgrading to patched GitLab-EE versions 17.7.6, 17.8.4, 17.9.1, or later. Additional details are available in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/514004 and the HackerOne disclosure report at https://hackerone.com/reports/2939833.
Details
- CWE(s)