CVE-2025-0475: 
GitLab vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2025-0475) was discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. The vulnerability involves a proxy feature that could potentially allow unintended content rendering leading to Cross-Site Scripting (XSS) under specific circumstances (GitLab Patch, Security Online).

The vulnerability has been assigned a CVSS v3.1 score of 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N), indicating a high severity level. The issue specifically relates to a Kubernetes proxy endpoint that could allow attackers to perform XSS attacks through unintended content rendering (Security Online, GitLab Patch).

If exploited, this vulnerability could allow attackers to inject malicious code into a user's browser, potentially leading to credential theft and other malicious actions. The high CVSS score indicates significant potential impact on the confidentiality and integrity of affected systems (Security Online).

GitLab has released patches to address this vulnerability in versions 17.9.1, 17.8.4, and 17.7.6. All administrators of self-managed GitLab installations are strongly recommended to upgrade to these patched versions immediately. GitLab.com is already running the patched version, and GitLab Dedicated customers do not need to take action (GitLab Patch).