Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search
Enterprise BusinessLog 320x200 1
Crowdstriker 970×120
GitLab Security Updates Fix High-Severity Vulnerabilities CVE-2024-9183

GitLab Security Updates Fix High-Severity Vulnerabilities CVE-2024-9183

Redazione RHC : 29 November 2025 09:23

GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address several high-severity vulnerabilities .

The newly released patches 18.6.1, 18.5.3, and 18.4.5 address security vulnerabilities that could allow attackers to bypass authentication, steal user credentials, or launch denial-of-service (DoS) attacks on compromised servers . GitLab security experts and administrators are encouraged to update their self-hosted instances immediately . GitLab.com has completed the patch rollout to protect users.

Title Severity
Race condition issue in CI/CD cache impacts GitLab CE/EE High
Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE High
Authentication bypass issue in account registration impacts GitLab CE/EE Medium
Denial of Service issue in HTTP response processing impacts GitLab CE/EE Medium
Improper authorization issue in markdown rendering impacts GitLab EE Medium
Information disclosure issue in terraform registry impacts GitLab CE/EE Low

Risks of credential theft and system crashes

The most concerning vulnerability in this update is CVE-2024-9183 , a high severity issue marked as a race condition in the CI/CD cache. This flaw allows an authenticated attacker to steal the credentials of a user with higher privileges , and an attacker could exploit this gap to take control of an administrator account or perform unauthorized actions.

Another important fix addresses CVE-2025-12571 , a dangerous denial of service vulnerability. This vulnerability allows an unauthenticated attacker (without a username and password) to crash a GitLab instance by sending a malicious JSON request , potentially taking an organization’s code repository offline and disrupting development workflows.

Authentication Bypass Vulnerability

The update also addresses the CVE-2025-12653 vulnerability , a medium-severity issue where unauthenticated users could bypass security controls and join arbitrary organizations by manipulating network request headers. While less severe than a crash vulnerability, this workaround poses a significant risk to organizations’ privacy and access controls.

GitLab strongly recommends that all customers running affected versions immediately upgrade to the latest patch version (18.6.1, 18.5.3, or 18.4.5). Upgrade impact: Single-node instances will experience downtime due to database migration, while multi-node instances can upgrade without downtime.

If not updated promptly, attackers can analyze publicly available patches and reverse engineer vulnerability exploitation methods, continually exposing the instance to risk.

  • credential theft
  • CVE-2024-9183
  • cybersecurity patches
  • DoS attacks
  • GitLab security updates
  • high-severity vulnerabilities
  • Incident response
  • secure coding practices
  • threat intelligence
  • vulnerability management
Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli