What is the CVSS score of CVE-2025-11224?

CVE-2025-11224 has a CVSS 3.1 base score of 7.7 (High). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Kubernetes are affected by CVE-2025-11224?

Organizations using GitLab CE/EE affecting all face notable risk from CVE-2025-11224, a cross-site scripting vulnerability rated CVSS 7.7.. A patch is available.

How to fix or mitigate CVE-2025-11224?

Within 7 days: Identify all affected systems running GitLab CE/EE affecting all and apply vendor patches promptly. Verify anti-CSRF tokens and content security policies are enforced.

Kubernetes CVE-2025-11224

HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-01-14 cve@gitlab.com

XSS Kubernetes Gitlab

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Jan 21, 2026 - 21:14 nvd

Patch available

CVE Published

Jan 14, 2026 - 19:16 nvd

HIGH 7.7

DescriptionNVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

AnalysisAI

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the Kubernetes proxy component of Gitlab. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.

RemediationAI

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

More from same product – last 7 days

CVE-2026-3515 HIGH This Week

8.5 May 24

Command injection in Prefect 3.6.18's GitHub integration allows authenticated users to execute arbitrary git commands th

CVE-2026-9807 MEDIUM This Month POC

4.3 May 28

Incorrect authorization enforcement in GitLab CE/EE permits a blocked Project Access Token to continue reading private p

CVE-2026-4868 HIGH This Week

8.2 May 27

Identity confusion in GitLab EE's Duo AI workflow runners lets an authenticated, low-privileged user cause specific Duo

CVE-2026-1402 MEDIUM This Month

6.5 May 27

Denial of service in GitLab CE/EE affects all versions from 17.1 through those prior to 18.10.7, 18.11.4, and 19.0.1, al

CVE-2026-6713 MEDIUM This Month

5.3 May 27

Unauthorized private project enumeration in GitLab CE/EE exposes confidential project metadata to unauthenticated networ

CVE-2025-11224 vulnerability details – vuln.today

Back

Kubernetes CVE-2025-11224

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code