PatchSiren cyber security CVE debrief
CVE-2025-9222 GitLab CVE debrief
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. This vulnerability has been addressed in the latest GitLab releases. Users are advised to update to the patched versions to prevent potential exploitation. The CVSS score for this vulnerability is 8.7, indicating a high severity level. GitLab has provided release notes and other resources to help users mitigate this issue.
- Vendor: GitLab
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-09
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-09
- Advisory updated: 2026-06-30
Who should care
Administrators and users of GitLab CE/EE versions 18.2.2 through 18.5.4, 18.6.0 through 18.6.2, and 18.7.0 should prioritize updating to the patched versions to prevent potential exploitation of this stored cross-site scripting vulnerability. Security teams and IT professionals responsible for maintaining GitLab installations should be aware of this issue and take immediate action to secure their environments.
Technical summary
The stored cross-site scripting vulnerability in GitLab CE/EE allows an authenticated user to exploit GitLab Flavored Markdown, potentially leading to malicious script execution. The issue affects multiple versions of GitLab, specifically those between 18.2.2 and 18.5.4, 18.6.0 and 18.6.2, and 18.7.0. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 8.7, indicating a high severity level. The vulnerability is tracked under CVE-2025-9222.
Defensive priority
High priority should be given to updating GitLab CE/EE to the patched versions (18.5.5, 18.6.3, or 18.7.1) to prevent exploitation of this stored cross-site scripting vulnerability. Security teams should review their current GitLab installations and apply the necessary updates as soon as possible.
Recommended defensive actions
- Update GitLab CE/EE to version 18.5.5, 18.6.3, or 18.7.1, or later, to patch the vulnerability.
- Review current GitLab installations and apply necessary updates.
- Monitor GitLab installations for any suspicious activity related to this vulnerability.
- Implement additional security measures, such as input validation and output encoding, to mitigate potential risks.
- Consult GitLab's release notes and other resources for further guidance on mitigating this issue.
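As an added example (not part of the PatchSiren debrief or of any GitLab tooling), the following Python check maps a GitLab version string onto the affected ranges stated above, so an inventory of instances can be triaged against this advisory and told which fixed release closes the gap. Version strings such as "18.5.4-ee" are constructed samples.

```python
"""Triage GitLab versions against the CVE-2025-9222 affected ranges.

Added example; the ranges are taken from the advisory text, everything
else (function names, sample inputs) is assumed for illustration.
"""
import re
from typing import Optional, Tuple

# Affected ranges as stated in the advisory, half-open: [first_affected, fixed).
AFFECTED_RANGES: Tuple[Tuple[str, str], ...] = (
    ("18.2.2", "18.5.5"),
    ("18.6.0", "18.6.3"),
    ("18.7.0", "18.7.1"),
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH', tolerating a leading 'v' and an edition
    suffix such as '-ee' or '-ce' that GitLab appends to its version strings."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch))


def fixed_version_for(version: str) -> Optional[str]:
    """Return the fixed release on the same line if `version` is affected,
    otherwise None. Note that 18.3.x and 18.4.x fall inside the first range,
    so their upgrade target is 18.5.5, not a patch release of their own line."""
    v = parse_version(version)
    for first_affected, fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= v < parse_version(fixed):
            return fixed
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside any affected range."""
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed inventory of instance versions, not real hosts.
    for sample in ("18.2.1", "18.3.7-ee", "18.5.5", "18.6.2-ce", "18.7.0", "18.8.0"):
        target = fixed_version_for(sample)
        print(f"{sample:12} affected={is_affected(sample)!s:5} upgrade_to={target}")
```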
Evidence notes
The CVE-2025-9222 vulnerability was publicly disclosed on January 9, 2026, and its record was last updated on June 30, 2026. The vulnerability affects multiple versions of GitLab CE/EE and has a CVSS score of 8.7, indicating a high severity level. GitLab has provided patches for this issue in versions 18.5.5, 18.6.3, and 18.7.1.
Official resources
- CVE-2025-9222 CVE record (CVE.org)
- CVE-2025-9222 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Source reference: [email protected] - Broken Link
- Source reference: [email protected] - Permissions Required
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.