PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-9222 GitLab CVE debrief

GitLab has remediated a stored cross-site scripting (XSS) vulnerability in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1. An authenticated user could craft GitLab Flavored Markdown that is stored with the content and executes script in the browsers of other users who view the rendered page. The fix ships in 18.5.5, 18.6.3 and 18.7.1; administrators should update to one of those releases or later. The CVSS score is 8.7 (High). GitLab's release notes describe the fix.

Vendor
GitLab
Product
GitLab CE/EE
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-01-09
Original CVE updated
2026-06-30
Advisory published
2026-01-09
Advisory updated
2026-06-30

Who should care

Administrators of GitLab CE/EE instances running 18.2.2 through 18.5.4, 18.6.0 through 18.6.2, or 18.7.0 should prioritise the update. Exploitation requires an authenticated account, so instances with open sign-up or many external collaborators have the largest pool of potential attackers. Security teams responsible for GitLab should confirm the running version of every instance and schedule the upgrade promptly.

Technical summary

CVE-2025-9222 is a stored cross-site scripting (XSS) vulnerability in GitLab CE/EE. An authenticated user can write GitLab Flavored Markdown that, when rendered, executes script in the browsers of other users who view it. Because the payload is persisted with the content rather than carried in a link, every user who opens the affected page is exposed and the victim does not need to click a crafted URL. Affected versions are 18.2.2 through 18.5.4, 18.6.0 through 18.6.2, and 18.7.0; the fix is in 18.5.5, 18.6.3 and 18.7.1. The CVSS score is 8.7 (High).

Defensive priority

Updating GitLab CE/EE to the patched release for the installed line (18.5.5, 18.6.3 or 18.7.1) or later is the only complete fix and should be treated as high priority. Security teams should identify every GitLab instance they operate, record its running version, and apply the update as soon as possible.

Recommended defensive actions

  • Update GitLab CE/EE to 18.5.5, 18.6.3 or 18.7.1, or later. Instances on 18.2.x through 18.4.x have no fix on their own line and must move to 18.5.5 or later.
  • Inventory every GitLab instance and confirm its running version (the GitLab REST API reports it at GET /api/v4/version) so that none remains in an affected range.
  • Until the update is applied, reduce the attacker pool: exploitation requires an authenticated user, so restrict open sign-up and review which accounts can create issues, comments and merge requests.
  • After patching, review Markdown content created or edited while the instance was vulnerable for unexpected script-like constructs, and consider the sessions of users who viewed such content at risk.
  • Consult GitLab's release notes for the fix details and any further guidance.
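As an added example (not code from PatchSiren or GitLab), the following Python script classifies a GitLab version string against the affected ranges listed above and reports the minimum patched release for that line. The ranges come from the advisory; the tolerance for GitLab's edition suffixes such as "-ee" and the script's name are assumptions.

```python
"""Classify a GitLab CE/EE version string against the CVE-2025-9222
affected ranges. Added example; the ranges are copied from the advisory."""
import re
import sys

# Affected ranges: inclusive lower bound, exclusive upper bound. The upper
# bound is the first fixed release on that line, so "18.2.2 before 18.5.5"
# covers 18.2.2 and every 18.3.x/18.4.x release up to 18.5.4.
AFFECTED_RANGES = (
    ((18, 2, 2), (18, 5, 5)),
    ((18, 6, 0), (18, 6, 3)),
    ((18, 7, 0), (18, 7, 1)),
)

# Accepts "18.5.4", "v18.5.4" and suffixed forms such as "18.5.4-ee"
# (assumption: the suffix never changes the numeric version).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Parse MAJOR.MINOR.PATCH into a tuple of ints; ValueError otherwise."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def affected_range(version):
    """Return the (lower, upper) range containing the version, or None."""
    v = parse_version(version) if isinstance(version, str) else version
    for lower, upper in AFFECTED_RANGES:
        if lower <= v < upper:
            return lower, upper
    return None


def is_affected(version):
    """True when the version is inside one of the advisory's ranges."""
    return affected_range(version) is not None


def fixed_version_for(version):
    """Minimum patched release for an affected version, else None."""
    rng = affected_range(version)
    if rng is None:
        return None
    return ".".join(str(x) for x in rng[1])


if __name__ == "__main__":
    # Usage: python check_cve_2025_9222.py 18.5.4-ee 18.7.1
    # The running version can be read from GET /api/v4/version; this
    # script only classifies the string it is given.
    for arg in sys.argv[1:] or ["18.5.4-ee"]:
        fix = fixed_version_for(arg)
        if fix:
            print(f"{arg}: AFFECTED, upgrade to {fix} or later")
        else:
            print(f"{arg}: not in an affected range")
```

The comparison is done on integer tuples rather than strings so that 18.10.0 sorts after 18.9.0; a string comparison would silently misclassify such versions.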

Evidence notes

CVE-2025-9222 was publicly disclosed on January 9, 2026, and the record was last updated on June 30, 2026. It affects multiple GitLab CE/EE versions and carries a CVSS score of 8.7 (High). GitLab fixed the issue in 18.5.5, 18.6.3 and 18.7.1.

Official resources

This article is AI-assisted and based on the supplied source corpus.