Stored Cross-Site Scripting Vulnerability in GitLab by GitLab Inc.
CVE-2025-7739

5.4MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-7739?

A vulnerability exists in GitLab CE/EE that allows authenticated users to exploit stored cross-site scripting through the injection of harmful HTML content into scoped label descriptions. This issue impacts all versions from 18.2 prior to 18.2.2, presenting a potential risk for users and organizations relying on this platform for project management and collaboration.

Affected Version(s)

GitLab 18.2 < 18.2.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/556111

issue-trackingpermissions-required

https://hackerone.com/reports/3255849

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

Thanks [yvvdwf](https://hackerone.com/yvvdwf) for reporting this vulnerability through our HackerOne bug bounty program