Stored Cross-Site Scripting Vulnerability in GitLab by GitLab Inc.
CVE-2025-7739

8.7HIGH

Key Information:

Vendor

Gitlab

Status
Vendor
CVE Published:
13 August 2025

What is CVE-2025-7739?

A vulnerability exists in GitLab CE/EE that allows authenticated users to exploit stored cross-site scripting through the injection of harmful HTML content into scoped label descriptions. This issue impacts all versions from 18.2 prior to 18.2.2, presenting a potential risk for users and organizations relying on this platform for project management and collaboration.

Affected Version(s)

GitLab 18.2 < 18.2.2

References

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program
.
CVE-2025-7739 : Stored Cross-Site Scripting Vulnerability in GitLab by GitLab Inc.