Urgent GitLab Security Update: Patches for Critical Vulnerabilities Released

UPDATE: GitLab has just announced critical security patches for multiple vulnerabilities affecting its Community Edition (CE) and Enterprise Edition (EE). Organizations running self-managed instances must update to versions 18.5.2, 18.4.4, and 18.3.6 IMMEDIATELY to safeguard against potential data theft and unauthorized access.

The most alarming vulnerability pertains to a prompt injection flaw in GitLab Duo’s code review functionality, which could allow attackers to embed malicious instructions in merge request comments. This could mislead the AI into disclosing sensitive information from private issues. This critical issue affects Enterprise Edition versions 17.9 and later and poses a significant threat to development environments that utilize AI-powered workflows.

Moreover, the vulnerabilities patched include CVE-2025-11224, a severe cross-site scripting flaw in the Kubernetes proxy that enables authenticated users to execute harmful scripts. Another significant vulnerability, CVE-2025-11865, allows a user to improperly remove AI workflows belonging to other users. These issues underscore the urgent need for organizations to prioritize security measures.

GitLab’s updates address several information disclosure vulnerabilities, including CVE-2025-2615 and CVE-2025-7000, which expose sensitive data to blocked users. Additionally, CVE-2025-6171 reveals package metadata even in restricted repositories, while CVE-2025-11990 and CVE-2025-7736 fix path-traversal and access control flaws, respectively.

Organizations using GitLab’s cloud-hosted services are already protected, but self-managed customers must act swiftly to implement these updates. GitLab warns that some updates may require database migrations, potentially leading to downtime for single-node installations. For multi-node environments, near-zero downtime upgrades are achievable by following GitLab’s recommended procedures.
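As an added example (not code from GitLab or from this article), the following Python check classifies a self-managed instance's reported version string against the fixed releases named above and flags Enterprise Edition instances in the range the Duo code-review issue affects. The `/api/v4/version` endpoint, the `PRIVATE-TOKEN` header, the `-ee`/`-ce` suffix convention, and treating releases newer than 18.5.2 as patched are assumptions of the example.

```python
import json
import re
import urllib.request
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Minimum patched release on each minor branch, per the GitLab release covered above.
PATCHED_RELEASES = {
    (18, 5): (18, 5, 2),
    (18, 4): (18, 4, 4),
    (18, 3): (18, 3, 6),
}
# Duo code-review prompt-injection issue: Enterprise Edition 17.9 and later.
DUO_AFFECTED_FROM: Version = (17, 9, 0)


def parse_version(text: str) -> Optional[Version]:
    """Extract MAJOR.MINOR.PATCH from strings such as '18.4.3-ee' or 'GitLab 18.5.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def assess(version_text: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for a reported version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    branch = v[:2]
    if branch in PATCHED_RELEASES:
        return "patched" if v >= PATCHED_RELEASES[branch] else "vulnerable"
    if v > max(PATCHED_RELEASES.values()):
        return "patched"  # assumption: newer releases carry the fixes
    return "vulnerable"  # older branches received no backport; upgrade to a fixed branch


def duo_review_exposed(version_text: str) -> bool:
    """True when the string denotes an EE build at or above 17.9 (assumes '-ee' suffix)."""
    v = parse_version(version_text)
    return v is not None and "-ee" in version_text.lower() and v >= DUO_AFFECTED_FROM


def check_instance(base_url: str, token: str) -> str:
    """Query a self-managed instance for its version and classify it (network call)."""
    req = urllib.request.Request(f"{base_url.rstrip('/')}/api/v4/version",
                                 headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        reported = json.load(resp)["version"]  # e.g. "18.4.3-ee"
    return f"{reported}: {assess(reported)}"
```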

To enhance security against emerging threats, GitLab advises organizations to implement additional protective measures. These recommendations include restricting AI-assisted features to trusted users, enforcing strict role-based access controls (RBAC), and enhancing logging and monitoring for unusual activity. Furthermore, employing web application firewalls (WAF) and sanitizing inputs can help block malicious scripts before they reach GitLab services.

As threat actors increasingly exploit AI for sophisticated attacks, layered defenses and continuous monitoring are essential. The urgency of this security release cannot be overstated: traditional vulnerabilities combined with AI-driven risks highlight the necessity of adopting zero-trust principles throughout the software development lifecycle.

Organizations are urged to share this information widely to ensure their peers are informed about the critical updates and the necessary actions to mitigate these vulnerabilities. GitLab’s latest security release serves as a crucial reminder of the evolving complexities in securing modern development ecosystems.

Stay tuned for more updates as this story develops.