CVE-2025-8405 - Vulnerability Details - OpenCVE

GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gitlab	Gitlab

No data.

No data.

References

Link	Providers
https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/558214
https://hackerone.com/reports/3270940

History

Thu, 11 Dec 2025 04:30:00 +0000

Type	Values Removed	Values Added
Description		GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays.
Title		Improper Encoding or Escaping of Output in GitLab
First Time appeared		Gitlab Gitlab gitlab
Weaknesses		CWE-116
CPEs		cpe:2.3:a:gitlab:gitlab::::::::
Vendors & Products		Gitlab Gitlab gitlab
References		https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/558214 https://hackerone.com/reports/3270940
Metrics		cvssV3_1 `{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2025-12-11T04:05:07.234Z

Updated: 2025-12-11T15:48:09.241Z

Reserved: 2025-07-31T04:33:09.501Z

Link: CVE-2025-8405

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-11T05:16:38.447

Modified: 2025-12-11T05:16:38.447

Link: CVE-2025-8405

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8405", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2025-07-31T04:33:09.501Z", "datePublished": "2025-12-11T04:05:07.234Z", "dateUpdated": "2025-12-11T15:48:09.241Z"}, "containers": {"cna": {"title": "Improper Encoding or Escaping of Output in GitLab", "descriptions": [{"lang": "en", "value": "GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of other users by injecting malicious HTML into vulnerability code flow displays."}], "affected": [{"vendor": "GitLab", "product": "GitLab", "repo": "git://git@gitlab.com:gitlab-org/gitlab.git", "cpes": ["cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"], "versions": [{"version": "17.1", "status": "affected", "lessThan": "18.4.6", "versionType": "semver"}, {"version": "18.5", "status": "affected", "lessThan": "18.5.4", "versionType": "semver"}, {"version": "18.6", "status": "affected", "lessThan": "18.6.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-116: Improper Encoding or Escaping of Output", "cweId": "CWE-116", "type": "CWE"}]}], "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/558214", "name": "GitLab Issue #558214", "tags": ["issue-tracking", "permissions-required"]}, {"url": "https://hackerone.com/reports/3270940", "name": "HackerOne Bug Bounty Report #3270940", "tags": ["technical-description", "exploit", "permissions-required"]}, {"url": "https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to versions 18.4.6, 18.5.4, 18.6.2 or above."}], "credits": [{"lang": "en", "value": "Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2025-12-11T04:05:07.234Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-11T15:47:15.081347Z", "id": "CVE-2025-8405", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-11T15:48:09.241Z"}}]}}