CVE-2025-0811
Published: 27 March 2025
Summary
CVE-2025-0811 is a high-severity Cross-site Scripting (CWE-79) vulnerability in GitLab. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 28.0th percentile for exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-15 (Information Output Filtering) prevents XSS by sanitizing or encoding file contents before they are rendered in users' browsers.
- SI-10 (Information Input Validation) detects and blocks malicious file uploads containing XSS payloads before they can be rendered.
- SI-2 (Flaw Remediation) requires patching the improper file rendering in affected GitLab versions to eliminate the XSS vulnerability.
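As an added illustration of the output-filtering and input-validation controls above (example code written for this page, not GitLab's code and not the fix shipped in the patched versions), the following Ruby snippet shows two defensive rendering paths for user-supplied repository files: raw delivery with headers that stop the browser from treating the content as a document in the application's origin, and a viewer path that entity-encodes file contents before embedding them in HTML. The extension allowlist, header values, `sanitize_filename` helper and sample content are all constructed for the example.

```ruby
require 'cgi'

# Added example (not GitLab's code). Constructed allowlist: only these
# extensions may be shown inline, and only as plain text. Everything else is
# delivered as a download so the browser never interprets it as an HTML or
# SVG document running in the application's origin.
INLINE_TEXT_TYPES = {
  '.txt' => 'text/plain',
  '.md'  => 'text/plain',
  '.log' => 'text/plain'
}.freeze

# Input validation (SI-10) for the one user-controlled value that ends up in
# a response header: keep only word characters, dots and dashes so the name
# cannot break out of the Content-Disposition value.
def sanitize_filename(name)
  name.gsub(/[^\w.\-]/, '_')
end

# Build headers and body for serving a raw file. The body is sent unchanged;
# safety comes from the headers: an explicit non-HTML Content-Type, nosniff so
# the browser cannot reinterpret the bytes, and a locked-down CSP as a backstop.
def raw_file_response(filename, bytes)
  ext = File.extname(filename).downcase
  headers = {
    'X-Content-Type-Options'  => 'nosniff',
    'Content-Security-Policy' => "default-src 'none'; sandbox"
  }
  if INLINE_TEXT_TYPES.key?(ext)
    headers['Content-Type'] = "#{INLINE_TEXT_TYPES[ext]}; charset=utf-8"
    headers['Content-Disposition'] = 'inline'
  else
    headers['Content-Type'] = 'application/octet-stream'
    headers['Content-Disposition'] =
      "attachment; filename=\"#{sanitize_filename(filename)}\""
  end
  { headers: headers, body: bytes }
end

# Output filtering (SI-15) for the viewer page: every character with meaning
# in HTML is entity-encoded, so file content is displayed, never executed.
# Invalid UTF-8 is scrubbed rather than passed through to the encoder.
def viewer_fragment(bytes)
  text = bytes.dup.force_encoding('UTF-8')
  text = text.scrub('?') unless text.valid_encoding?
  "<pre class=\"file-content\">#{CGI.escapeHTML(text)}</pre>"
end

# Constructed sample: file content containing markup that would run if the
# bytes were rendered as HTML instead of being encoded or downloaded.
SAMPLE = "<script>alert(1)</script>\n".freeze

if __FILE__ == $PROGRAM_NAME
  puts viewer_fragment(SAMPLE)
  p raw_file_response('diagram.svg', SAMPLE)[:headers]
  p raw_file_response('README.md', SAMPLE)[:headers]
end
```

The two paths are deliberately separate: a raw endpoint must never emit `text/html` for user content, and a viewer that embeds content into HTML must encode it regardless of what the file claims to be. Running the script prints the encoded fragment and the header sets chosen for an SVG (download) and a Markdown file (inline plain text).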
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
An XSS vulnerability in the public-facing GitLab web application allows exploitation via crafted malicious files that trigger script execution in the victim's browser when the victim interacts with them.
NVD Description
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting.
Deeper analysis [AI]
CVE-2025-0811 is a cross-site scripting (XSS) vulnerability stemming from improper rendering of certain file types in GitLab Community Edition (CE) and Enterprise Edition (EE). It affects all versions from 17.7 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1. The issue is classified under CWE-79 with a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating high severity due to its potential for significant confidentiality and integrity impacts.
An attacker with low-privileged authenticated access (PR:L) can exploit this vulnerability over the network (AV:N) by crafting malicious files that, when rendered, trigger XSS upon user interaction (UI:R). The scope change (S:C) means the impact extends beyond the vulnerable component into the victim's browser session, enabling the attacker to steal sensitive data or perform actions on behalf of the victim user, with high impacts on confidentiality and integrity and no impact on availability.
Mitigation involves upgrading to GitLab versions 17.8.6, 17.9.3, 17.10.1, or later, as indicated by the affected version ranges. Additional details are available in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/515566 and the HackerOne disclosure at https://hackerone.com/reports/2961854.
Details
- CWE(s)