CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Description (NVD)
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content.
Analysis (AI)
CVE-2025-6948 is a stored cross-site scripting (XSS) vulnerability in GitLab CE/EE. An authenticated, low-privileged user can store content containing script in the application; when another user views or interacts with that content, the script runs in the victim's browser under the victim's GitLab session, so the attacker can act on the victim's behalf with whatever permissions the victim holds, including administrator rights if the victim is an administrator. Affected versions are 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2. The NVD vector rates confidentiality and integrity impact as High with scope changed, since the payload executes in the victim's browser rather than in the component that stored it.
Technical Context (AI)
The weakness is CWE-79 (Improper Neutralization of Input During Web Page Generation): GitLab stored user-supplied content and later rendered it in a page without adequate sanitization or output encoding, so the content is interpreted as markup or script in the viewer's browser. The advisory does not identify the input field or rendering path involved, which is why it says the flaw is triggered "under certain conditions". Affected branches are 17.11.x, 18.0.x and 18.1.x of both Community Edition and Enterprise Edition. Reading the vector: AV:N, the payload is submitted and served over the network; AC:L, no race, timing or unusual configuration is needed; PR:L, any authenticated user who can create or edit content in the relevant location can plant the payload; UI:R, a victim must load or interact with the page on which the stored content is rendered, which for stored XSS is often ordinary use of the affected project rather than a separate social-engineering step, although an attacker can also lure a victim to the page; S:C, the script executes in the victim's browser, so the impact lands on a component other than the one that stored the payload; C:H/I:H/A:N, the script can read what the victim can read and act as the victim, but does not affect availability. This vector evaluates to a base score of 8.7 (High).
Remediation (AI)
Upgrade: administrators of self-managed GitLab CE/EE must move to 17.11.6 or later on the 17.11 branch, 18.0.4 or later on the 18.0 branch, or 18.1.2 or later on the 18.1 branch; the release notes and security advisories at https://about.gitlab.com/releases/ give the patch details and upgrade procedures. Confirm the running version before and after the upgrade, for example in the Admin area or via the instance's /api/v4/version endpoint. Until the upgrade is applied: (1) limit who can reach the instance, for example by restricting it to trusted networks or a VPN, bearing in mind that this does not stop an attacker who already holds an account; (2) review audit events and recent changes to user-authored content (issues, merge requests, comments, wiki pages, project and group descriptions) for unexpected HTML or script, and look for actions performed by users who deny having taken them; (3) tell users not to follow untrusted links into the instance or interact with suspicious content; (4) make sure a Content Security Policy is configured, which can limit what an injected script can do but does not by itself close the hole; (5) only if the vendor identifies the affected input path, consider temporarily disabling that feature, since the advisory as written does not name one and disabling rich-text editing alone cannot be assumed to remove the exposure. Watch the vendor's advisories for further details.
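To make the version check above mechanical, here is an added example (not part of this page or of GitLab's own tooling) that classifies a GitLab version string against the fix releases the advisory lists. The ranges are the ones stated in the description above; the helper names and the sample inputs are this example's own, constructed to cover each branch and the edges around it.

```python
"""Classify a GitLab version string against the fix releases for CVE-2025-6948.

Added example; not part of the page or of GitLab's tooling. The ranges are the
ones the advisory states. Sample inputs below are constructed.
"""
import re

# (major, minor) -> first patch release on that branch that contains the fix.
FIXED_IN = {
    (17, 11): (17, 11, 6),
    (18, 0): (18, 0, 4),
    (18, 1): (18, 1, 2),
}
FIRST_AFFECTED = (17, 11, 0)  # the advisory's ranges start at 17.11


def parse_version(text: str) -> tuple:
    """Accept '18.0.3' or '18.0.3-ee' (the form GET /api/v4/version returns)."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(text: str) -> tuple:
    """Return (status, fix_release).

    status is 'affected' or 'fixed' for the three listed branches, 'older' for
    versions below 17.11 (not covered by the advisory and with no listed fix,
    so they still need an upgrade to a fixed branch), or 'newer' for branches
    created after the fix shipped.
    """
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED_IN:
        fix = FIXED_IN[branch]
        return ("affected" if v < fix else "fixed", fix)
    if v < FIRST_AFFECTED:
        return ("older", None)
    return ("newer", None)


def advice(text: str) -> str:
    """One-line recommendation for a version string."""
    status, fix = assess(text)
    if status == "affected":
        return f"upgrade to {'.'.join(map(str, fix))} or later"
    if status == "older":
        return "outside the advisory's ranges; upgrade to a fixed branch"
    return status


if __name__ == "__main__":
    # Constructed sample inputs, as several instances' /api/v4/version responses might look.
    for sample in ("17.11.5-ee", "17.11.6", "18.0.3-ee", "18.1.2", "18.2.0", "17.10.8"):
        print(f"{sample:12} {advice(sample)}")
```

Run it against the version each instance reports and act on anything marked affected or older; the 'newer' status only means the branch postdates the fix, not that the instance is otherwise current.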
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| xenial | ignored | - |
| jammy | DNE | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
Debian
| Release | Version | Status | Fixed Version | Urgency |
|---|---|---|---|---|
| sid (unstable) | 17.6.5-19 | vulnerable | (unfixed) | - |
EUVD-2025-20989