Vulnerability Details CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionality lead to Cross-Site scripting attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 8.7
References
Products affected by CVE-2025-2254
-
cpe:2.3:a:gitlab:gitlab:17.10.0
-
cpe:2.3:a:gitlab:gitlab:17.10.1
-
cpe:2.3:a:gitlab:gitlab:17.10.2
-
cpe:2.3:a:gitlab:gitlab:17.10.3
-
cpe:2.3:a:gitlab:gitlab:17.10.4
-
cpe:2.3:a:gitlab:gitlab:17.10.5
-
cpe:2.3:a:gitlab:gitlab:17.10.6
-
cpe:2.3:a:gitlab:gitlab:17.10.7
-
cpe:2.3:a:gitlab:gitlab:17.11.0
-
cpe:2.3:a:gitlab:gitlab:17.11.1
-
cpe:2.3:a:gitlab:gitlab:17.11.2
-
cpe:2.3:a:gitlab:gitlab:17.11.3
-
cpe:2.3:a:gitlab:gitlab:17.9.0
-
cpe:2.3:a:gitlab:gitlab:17.9.1
-
cpe:2.3:a:gitlab:gitlab:17.9.2
-
cpe:2.3:a:gitlab:gitlab:17.9.3
-
cpe:2.3:a:gitlab:gitlab:17.9.4
-
cpe:2.3:a:gitlab:gitlab:17.9.5
-
cpe:2.3:a:gitlab:gitlab:17.9.6
-
cpe:2.3:a:gitlab:gitlab:17.9.7
-
cpe:2.3:a:gitlab:gitlab:17.9.8
-
cpe:2.3:a:gitlab:gitlab:18.0.0
-
cpe:2.3:a:gitlab:gitlab:18.0.1