CVE-2025-11224
PUBLISHED
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality.
Risk Scores
EPSS Score: 0.04% (13.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 18.4.0, 18.5.0, 15.10.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-11224 (circl-sighting)
- https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/ (circl)
- GitLab Issue #573223 (circl)
- https://hackerone.com/reports/3277291 (osv)
- ghost_report_20260112_192608.json (github-poc)
…and 42 more exploits
Timeline
- Oct 1, 2025 CVE ID Reserved
- Nov 13, 2025 CVE Published
- Nov 13, 2025 PoC Published
- Jan 14, 2026 PoC Published
- Jan 15, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 21, 2026 EPSS Score
- Jan 24, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 30, 2026 EPSS Score