Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address several high-severity vulnerabilities .
The newly released patches 18.6.1, 18.5.3, and 18.4.5 address security vulnerabilities that could allow attackers to bypass authentication, steal user credentials, or launch denial-of-service (DoS) attacks on compromised servers . GitLab security experts and administrators are encouraged to update their self-hosted instances immediately . GitLab.com has completed the patch rollout to protect users.
The most concerning vulnerability in this update is CVE-2024-9183 , a high severity issue marked as a race condition in the CI/CD cache. This flaw allows an authenticated attacker to steal the credentials of a user with higher privileges , and an attacker could exploit this gap to take control of an administrator account or perform unauthorized actions.
Another important fix addresses CVE-2025-12571 , a dangerous denial of service vulnerability. This vulnerability allows an unauthenticated attacker (without a username and password) to crash a GitLab instance by sending a malicious JSON request , potentially taking an organization’s code repository offline and disrupting development workflows.
The update also addresses the CVE-2025-12653 vulnerability , a medium-severity issue where unauthenticated users could bypass security controls and join arbitrary organizations by manipulating network request headers. While less severe than a crash vulnerability, this workaround poses a significant risk to organizations’ privacy and access controls.
GitLab strongly recommends that all customers running affected versions immediately upgrade to the latest patch version (18.6.1, 18.5.3, or 18.4.5). Upgrade impact: Single-node instances will experience downtime due to database migration, while multi-node instances can upgrade without downtime.
If not updated promptly, attackers can analyze publicly available patches and reverse engineer vulnerability exploitation methods, continually exposing the instance to risk.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
