Live Cybersecurity News Ticker | Codekeeper

GitLab Releases Critical Security Patches for Authentication Bypass and DoS Vulnerabilities

Written by Content Team | Nov 28, 2025 12:17:17 PM

GitLab has released urgent security updates across versions 18.6.1, 18.5.3, and 18.4.5 to fix multiple high-severity vulnerabilities affecting both Community and Enterprise editions.

The most dangerous flaw, CVE-2024-9183, is a race condition in CI/CD caches that lets authenticated attackers steal credentials from higher-privileged users. CVE-2025-12571 allows unauthenticated attackers to crash GitLab servers with malicious JSON requests, potentially taking entire development workflows offline.

A third vulnerability, CVE-2025-12653, enables unauthorized users to bypass security checks and join organizations by manipulating request headers. GitLab.com is already patched, but administrators running self-managed installations must upgrade immediately to prevent exploitation.
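For administrators of self-managed instances, the practical question is whether a given installation is at or above the fixed release on its own branch. The helper below is an added example, not GitLab's code or part of the original article: it takes a version string (assumed to look like `MAJOR.MINOR.PATCH`, optionally with a suffix such as `-ee`) and compares it against the three patched releases named above. The handling of branches the article does not mention (anything other than 18.4, 18.5 and 18.6) is an assumption: the page says nothing about them, so the helper flags them for review rather than calling them safe.

```python
# Added example: compare a self-managed GitLab version against the patched
# releases named in the advisory summary (18.6.1, 18.5.3, 18.4.5).
# Not GitLab's code; version-string format and branch handling are assumptions.
from typing import Optional, Tuple

PATCHED_RELEASES = ["18.6.1", "18.5.3", "18.4.5"]  # from the article


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'MAJOR.MINOR.PATCH'; a trailing suffix like '-ee' is ignored (assumed format)."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def patched_release_for(version: str) -> Optional[Tuple[int, int, int]]:
    """Return the patched release on the same MAJOR.MINOR branch, if the advisory lists one."""
    major, minor, _ = parse_version(version)
    for release in PATCHED_RELEASES:
        parsed = parse_version(release)
        if parsed[:2] == (major, minor):
            return parsed
    return None


def assess(version: str) -> str:
    """Classify an installed version as 'patched', 'vulnerable' or 'unlisted-branch'."""
    installed = parse_version(version)
    target = patched_release_for(version)
    if target is None:
        # Assumption: a branch the advisory does not name gets no safety claim;
        # the operator should move to one of the listed releases.
        return "unlisted-branch"
    return "patched" if installed >= target else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not data from any real instance.
    for sample in ["18.6.0", "18.6.1-ee", "18.5.3", "18.4.4", "18.3.9"]:
        print(f"{sample:12} -> {assess(sample)}")
```

Feed it the version reported by your own instance (for example from the admin area) and treat anything other than `patched` as a reason to schedule the upgrade the article describes.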

Source: CyberSecurity News