Multiple vulnerabilities were identified in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 18.4.x, 18.5.x, and 18.6.x prior to 18.4.5, 18.5.3, and 18.6.1, respectively. The flaws can allow attackers to cause remote denial-of-service, compromise data confidentiality, and bypass security policies. The alert lists the affected releases and references CVE identifiers CVE-2024-9183, CVE-2025-12571, CVE-2025-12653, CVE-2025-13611, CVE-2025-6195, and CVE-2025-7449. GitLab disclosed these vulnerabilities in a security bulletin released on 26 November 2025; the recommended action is to consult that bulletin for the appropriate patches. The alert was issued by the French National Agency for Information System Security on 27 November 2025.
Summary of content from https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1042/