CVE-2025-12734

3.5 LOW

📋 TL;DR

This vulnerability allows authenticated GitLab users to inject malicious HTML content into merge request titles, which could render in other users' dialogs under certain conditions. It affects GitLab CE/EE versions 15.6 through 18.6.1, potentially enabling cross-site scripting attacks.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 15.6 to 18.4.5, 18.5 to 18.5.3, 18.6 to 18.6.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to create or edit merge requests.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could execute arbitrary JavaScript in victims' browsers, potentially stealing session cookies, performing actions as the victim, or redirecting to malicious sites.

🟠 Likely Case

Limited cross-site scripting affecting users who view merge requests with malicious titles, potentially leading to session hijacking or phishing.

🟢 If Mitigated

With proper content security policies and input validation, impact is limited to minor UI manipulation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and specific conditions for dialog rendering.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.4.6, 18.5.4, or 18.6.2

Vendor Advisory: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab 18.4.6, 18.5.4, or 18.6.2 using your package manager.
3. Restart GitLab services.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict Merge Request Creation

all

Temporarily limit who can create or edit merge requests to trusted users only.

Enable Content Security Policy

all

Implement strict CSP headers to mitigate XSS impact.

🧯 If You Can't Patch

  • Implement web application firewall rules to block HTML injection patterns in merge request titles.
  • Monitor merge request activity for suspicious title content and review user permissions.

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via admin panel or command: sudo gitlab-rake gitlab:env:info

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Confirm, using the same command, that the version is 18.4.6, 18.5.4, or 18.6.2 or higher on its release branch.
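Added example (not part of the advisory or of GitLab's own tooling): a Python checker that reads the output of the command above and classifies the instance against the version ranges listed under Affected Systems. It assumes the version appears on a line starting with "GitLab version:" (the grep output) or "Version:" (the GitLab information block of the full output); the sample output is constructed.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges listed in the advisory, inclusive on both ends.
AFFECTED_RANGES = (
    ((15, 6, 0), (18, 4, 5)),
    ((18, 5, 0), (18, 5, 3)),
    ((18, 6, 0), (18, 6, 1)),
)

# Assumed line shapes (see lead-in): "GitLab version: 18.6.1-ee" from the grep,
# or "Version: 18.6.1-ee" under "GitLab information" in the full output.
# The ^ anchor keeps lines such as "Ruby Version: 3.2.5" out of the match.
VERSION_LINE = re.compile(r"^(?:GitLab version|Version):\s*(\d+)\.(\d+)\.(\d+)", re.MULTILINE)


def parse_version(output: str) -> Optional[Version]:
    """Extract (major, minor, patch) from gitlab-rake gitlab:env:info output."""
    m = VERSION_LINE.search(output)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def verdict(output: str) -> str:
    """Classify an instance as vulnerable, fixed, not affected, or unknown."""
    v = parse_version(output)
    if v is None:
        return "unknown"
    if any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return "vulnerable"
    if v < AFFECTED_RANGES[0][0]:
        return "not affected"  # older than 15.6, outside the advisory's ranges
    return "fixed"             # 18.4.6+, 18.5.4+, 18.6.2+, or a newer branch


# Constructed sample output in the shape `sudo gitlab-rake gitlab:env:info` prints.
SAMPLE_OUTPUT = "Ruby Version: 3.2.5\n\nGitLab information\nVersion: 18.6.1-ee\n"

if __name__ == "__main__":
    print(parse_version(SAMPLE_OUTPUT), verdict(SAMPLE_OUTPUT))
```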

📡 Detection & Monitoring

Log Indicators:

  • Unusual merge request title patterns containing HTML/script tags
  • Multiple merge request edits by single user in short timeframe

Network Indicators:

  • HTTP requests with suspicious payloads in merge request API endpoints

SIEM Query:

source="gitlab" AND (message="*MergeRequest*" OR message="*merge_request*") AND (message="*<script>*" OR message="*javascript:*")

The wildcards matter: an exact match on the message field (message="<script>") only fires when the whole message equals that token, so it would miss a title that merely contains it.
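Added example (not from the advisory): Python that applies the log indicator above to GitLab-style JSON request logs, flagging merge request creates and edits whose title contains an HTML tag or a javascript: URL. The log line shape (method, path, username, params as key/value entries) is an assumption modelled on production_json.log, and the sample lines are constructed.

```python
import json
import re
from typing import Any, Dict, Iterable, Iterator, List

# Tokens the advisory names as indicators: an HTML tag or a javascript: URL.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>|javascript\s*:", re.IGNORECASE)
# Merge request create (POST .../merge_requests) or edit (PUT .../merge_requests/ID).
MR_PATH = re.compile(r"/merge_requests(?:/\d+)?/?$")


def iter_titles(obj: Any) -> Iterator[str]:
    """Yield every title in a params structure: nested {"title": ...} dicts
    and GitLab-style [{"key": "title", "value": ...}] entries (assumed shape)."""
    if isinstance(obj, dict):
        if obj.get("key") == "title" and isinstance(obj.get("value"), str):
            yield obj["value"]
        for k, v in obj.items():
            if k == "title" and isinstance(v, str):
                yield v
            else:
                yield from iter_titles(v)
    elif isinstance(obj, list):
        for item in obj:
            yield from iter_titles(item)


def scan_log(lines: Iterable[str]) -> List[Dict[str, str]]:
    """One finding per merge request write whose title carries a suspicious token."""
    findings = []
    for raw in lines:
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines rather than abort the scan
        if event.get("method") not in ("POST", "PUT", "PATCH"):
            continue
        if not MR_PATH.search(event.get("path", "")):
            continue
        for title in iter_titles(event.get("params", [])):
            m = SUSPICIOUS.search(title)
            if m:
                findings.append({"user": event.get("username", "?"), "title": title, "token": m.group(0)})
    return findings


# Constructed sample lines in the shape of GitLab's production_json.log (not real logs).
SAMPLE_LOG = [
    '{"method":"POST","path":"/grp/proj/-/merge_requests","username":"alice","params":[{"key":"merge_request","value":{"title":"Fix typo in README"}}]}',
    '{"method":"PUT","path":"/grp/proj/-/merge_requests/42","username":"mallory","params":[{"key":"merge_request","value":{"title":"Refactor <script>x</script> auth"}}]}',
    '{"method":"GET","path":"/grp/proj/-/merge_requests/42","username":"bob","params":[]}',
    '{"method":"PUT","path":"/api/v4/projects/7/merge_requests/8","username":"eve","params":[{"key":"title","value":"Docs javascript:void(0)"}]}',
    'not json at all',
]
```

Run `scan_log(SAMPLE_LOG)` to see the two flagged writes; a GET view of the same merge request and the clean title are ignored.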
