CVE-2025-0475
📋 TL;DR
A cross-site scripting (XSS) vulnerability in GitLab's proxy feature allows attackers to inject malicious scripts that execute in users' browsers when viewing specially crafted content. This affects all GitLab Community Edition and Enterprise Edition instances running vulnerable versions. Attackers could steal session cookies, perform actions as authenticated users, or deface pages.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
GitLab by GitLab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of GitLab instance, access source code, modify repositories, and compromise the entire software development pipeline.
Likely Case
Attackers steal user session cookies to access private repositories, modify code, or exfiltrate sensitive intellectual property.
If Mitigated
With proper Content Security Policy headers and input validation, impact is limited to specific pages where the proxy feature is used.
🎯 Exploit Status
Exploitation requires the proxy feature to be enabled and specific user interaction with malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.7.6, 17.8.4, 17.9.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/513142
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 17.7.6, 17.8.4, or 17.9.1 using your package manager.
3. Restart GitLab services.
4. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable Proxy Feature
(linux) Temporarily disable the proxy feature that contains the vulnerability. Run on the GitLab host:
gitlab-rails runner "ApplicationSetting.current.update!(proxy_enabled: false)"
Implement CSP Headers
(all platforms) Add a strict Content Security Policy header to limit the impact of XSS.
Add the header Content-Security-Policy: default-src 'self' to the web server configuration. A blanket policy set at the web server layer can conflict with the application's own headers and break parts of the UI, so test it on a non-production instance before rolling it out.
🧯 If You Can't Patch
- Disable the proxy feature entirely via GitLab admin settings
- Implement web application firewall rules to block suspicious proxy requests
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version with: sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm the reported version is 17.7.6 or later on the 17.7 branch, 17.8.4 or later on the 17.8 branch, or 17.9.1 or any later release.
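The version comparison above is easy to get wrong by hand, because each minor branch has its own fixed patch level. The following Python script is an added example (not GitLab's own tooling and not part of the original advisory): it parses the version line from env:info style output and classifies it against the three patched releases named above. The sample output is constructed; the assumption that any branch newer than 17.9 carries the fix follows from "or higher" and is marked in the code.

```python
import re

# Patched releases named in the advisory, keyed by (major, minor) branch -> patch level.
FIXED_RELEASES = {(17, 7): 6, (17, 8): 4, (17, 9): 1}

# Newest branch that received a fix; later branches are ASSUMED to include it.
NEWEST_FIXED_BRANCH = (17, 9)

# Constructed sample of env:info style output (not captured from a real instance).
SAMPLE_ENV_INFO = """GitLab information
Version:        17.8.3-ee
Revision:       0000000
"""


def parse_version(text):
    """Return (major, minor, patch) from the first 'version:' line, or None."""
    m = re.search(r"version:\s*(\d+)\.(\d+)\.(\d+)", text, re.IGNORECASE)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a (major, minor, patch) tuple against the advisory's fixed releases.

    Returns 'patched', 'vulnerable' (fixed branch, patch level too low), or
    'unpatched-branch' (older branch with no listed fix: upgrade to a fixed branch).
    """
    major, minor, patch = version
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return "patched" if patch >= FIXED_RELEASES[branch] else "vulnerable"
    if branch > NEWEST_FIXED_BRANCH:
        return "patched"  # assumption: releases after 17.9.1 carry the fix
    return "unpatched-branch"


def check(text):
    """Parse env:info output and classify it; 'unknown' if no version line is found."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return assess(version)


if __name__ == "__main__":
    # Typical use: pipe the real command output into this script.
    #   sudo gitlab-rake gitlab:env:info | python3 check_version.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_ENV_INFO
    print(check(data))
```

Run it with the output of the gitlab-rake command on stdin; without stdin it evaluates the constructed sample, which reports "vulnerable" because 17.8.3 is below the 17.8.4 fix.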
📡 Detection & Monitoring
Log Indicators:
- Unusual proxy requests with JavaScript payloads
- Multiple failed authentication attempts following proxy access
Network Indicators:
- HTTP requests to proxy endpoints containing script tags or JavaScript code
SIEM Query:
source="gitlab" AND (uri_path="/proxy/*" AND (user_agent="*script*" OR referer="*javascript:*"))
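To see what the SIEM query above actually selects, here is an added Python example (not part of the original advisory and not a GitLab component) that applies the same predicate to constructed log lines in a simplified key=value format; the log format and field names are assumptions chosen to mirror the query's field names, and the matching is done case-insensitively.

```python
import re

# Constructed sample log lines in a simplified key=value format (not real GitLab logs).
SAMPLE_LOGS = [
    'source=gitlab method=GET uri_path=/proxy/abc user_agent="Mozilla/5.0" referer="https://gitlab.example.test/"',
    'source=gitlab method=GET uri_path=/proxy/abc user_agent="some-script-client/1.0" referer="-"',
    'source=gitlab method=GET uri_path=/proxy/xyz user_agent="curl/8.0" referer="javascript:void(0)"',
    'source=gitlab method=GET uri_path=/api/v4/projects user_agent="some-script-client/1.0" referer="-"',
    'source=nginx method=GET uri_path=/proxy/abc user_agent="some-script-client/1.0" referer="-"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict of field name -> value."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(2)
        fields[key] = value
    return fields


def matches_siem_rule(fields):
    """Python equivalent of the advisory's query:
    source="gitlab" AND uri_path="/proxy/*" AND (user_agent="*script*" OR referer="*javascript:*")
    """
    if fields.get("source") != "gitlab":
        return False
    if not fields.get("uri_path", "").startswith("/proxy/"):
        return False
    user_agent = fields.get("user_agent", "").lower()
    referer = fields.get("referer", "").lower()
    return "script" in user_agent or "javascript:" in referer


def find_hits(lines):
    """Return the parsed fields of every line the rule selects."""
    return [f for f in (parse_line(line) for line in lines) if matches_siem_rule(f)]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print(hit["uri_path"], hit["user_agent"], hit["referer"])
```

Two of the five constructed lines match: the second (a user agent containing "script") and the third (a javascript: referer). Note that the user_agent clause is a plain substring match, so any benign client whose user agent string happens to contain "script" will also fire; tune that clause to your environment before alerting on it.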