ByteOS Network

NVD Vulnerability Details :

CVE-2025-6186

Analyzed

Source-cve@gitlab.com

Published At-13 Aug, 2025 | 18:15

Updated At-15 Aug, 2025 | 16:33

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.7	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

GitLab Inc.

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.1.0(inclusive) to 18.1.4(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.2.0(inclusive) to 18.2.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

GitLab Inc.

>>gitlab>>Versions from 18.2.0(inclusive) to 18.2.2(exclusive)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	cve@gitlab.com

References

Hyperlink	Source	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/549844	cve@gitlab.com	Broken Link
https://hackerone.com/reports/3189522	cve@gitlab.com	Permissions Required

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History