CVE-2025-6948
Published: 10 July 2025
Summary
CVE-2025-6948 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gitlab Gitlab. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 42.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-2 mandates identification, prioritization, and remediation of flaws like this GitLab XSS vulnerability through timely patching to versions such as 17.11.6.
SI-10 requires validation of information inputs to block injection of malicious content that enables XSS execution on behalf of users.
SI-15 enforces output filtering to prevent injected malicious scripts from executing in victims' browsers and performing unauthorized actions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
XSS (CWE-79) in public-facing GitLab enables injection of malicious scripts to hijack sessions and impersonate users via crafted links/payloads.
NVD Description
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by…
more
injecting malicious content.
Deeper analysisAI
CVE-2025-6948 is a vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting all versions from 17.11 prior to 17.11.6, 18.0 prior to 18.0.4, and 18.1 prior to 18.1.2. The flaw enables an attacker, under certain conditions, to inject malicious content and execute actions on behalf of other users. It is associated with CWE-79, which pertains to cross-site scripting.
The vulnerability has a CVSS v3.1 base score of 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating network accessibility, low attack complexity, requirement for low privileges and user interaction, changed scope, high confidentiality and integrity impacts, and no availability impact. An authenticated attacker with low privileges can exploit it by tricking a victim user into interacting with injected malicious content, such as via a crafted link or payload, thereby impersonating the victim to access sensitive data or perform unauthorized actions on their behalf.
Advisories recommend upgrading to patched versions 17.11.6, 18.0.4, or 18.1.2 to mitigate the issue. Additional details on the vulnerability and resolution are documented in the GitLab issue tracker at https://gitlab.com/gitlab-org/gitlab/-/issues/552616 and the HackerOne report at https://hackerone.com/reports/3227316.
Details
- CWE(s)