Red Hot Cyber, il blog italiano sulla sicurezza informatica
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Select Italian
Search
Enterprise BusinessLog 320x200 1
Crowdstriker 970×120
GitLab Security Updates Fix High-Severity Vulnerabilities CVE-2024-9183

GitLab Security Updates Fix High-Severity Vulnerabilities CVE-2024-9183

Redazione RHC : 29 November 2025 09:23

GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address several high-severity vulnerabilities .

The newly released patches 18.6.1, 18.5.3, and 18.4.5 address security vulnerabilities that could allow attackers to bypass authentication, steal user credentials, or launch denial-of-service (DoS) attacks on compromised servers . GitLab security experts and administrators are encouraged to update their self-hosted instances immediately . GitLab.com has completed the patch rollout to protect users.

TitleSeverity
Race condition issue in CI/CD cache impacts GitLab CE/EEHigh
Denial of Service issue in JSON input validation middleware impacts GitLab CE/EEHigh
Authentication bypass issue in account registration impacts GitLab CE/EEMedium
Denial of Service issue in HTTP response processing impacts GitLab CE/EEMedium
Improper authorization issue in markdown rendering impacts GitLab EEMedium
Information disclosure issue in terraform registry impacts GitLab CE/EELow

Risks of credential theft and system crashes

The most concerning vulnerability in this update is CVE-2024-9183 , a high severity issue marked as a race condition in the CI/CD cache. This flaw allows an authenticated attacker to steal the credentials of a user with higher privileges , and an attacker could exploit this gap to take control of an administrator account or perform unauthorized actions.

Another important fix addresses CVE-2025-12571 , a dangerous denial of service vulnerability. This vulnerability allows an unauthenticated attacker (without a username and password) to crash a GitLab instance by sending a malicious JSON request , potentially taking an organization’s code repository offline and disrupting development workflows.

Authentication Bypass Vulnerability

The update also addresses the CVE-2025-12653 vulnerability , a medium-severity issue where unauthenticated users could bypass security controls and join arbitrary organizations by manipulating network request headers. While less severe than a crash vulnerability, this workaround poses a significant risk to organizations’ privacy and access controls.

GitLab strongly recommends that all customers running affected versions immediately upgrade to the latest patch version (18.6.1, 18.5.3, or 18.4.5). Upgrade impact: Single-node instances will experience downtime due to database migration, while multi-node instances can upgrade without downtime.

If not updated promptly, attackers can analyze publicly available patches and reverse engineer vulnerability exploitation methods, continually exposing the instance to risk.

  • credential theft
  • CVE-2024-9183
  • cybersecurity patches
  • DoS attacks
  • GitLab security updates
  • high-severity vulnerabilities
  • Incident response
  • secure coding practices
  • threat intelligence
  • vulnerability management
Immagine del sitoRedazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.

Lista degli articoli