Stored Cross-Site Scripting Vulnerability in GitLab Kubernetes Proxy
CVE-2025-11224
7.7 HIGH
What is CVE-2025-11224?
A stored cross-site scripting vulnerability has been identified in GitLab's Kubernetes proxy functionality. Because the affected code does not adequately validate its input, an authenticated user can store script content that later executes in the browsers of other users within the context of the affected application, which could allow a malicious actor to manipulate those users' sessions. The vulnerability affects multiple versions of GitLab CE/EE, so users should update to the patched releases to mitigate the risk.
Affected Version(s)
GitLab 15.10 < 18.3.6
GitLab 18.4 < 18.4.4
GitLab 18.5 < 18.5.2
References
CVSS V3.1
Score: 7.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Thanks to [joaxcar](https://hackerone.com/joaxcar) for reporting this vulnerability through our HackerOne bug bounty program.