VDB
CVE-2025-6945
CVE-2025-6945
PUBLISHED
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.
EPSS 0.03% · 7.6th percentile
Risk Scores
EPSS Score
0.03%
7.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 17.8.0, 18.4.0, 18.5.0 |
| Bitnami | gitlab | 17.8.0, 18.4.0, 18.5.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-6945 (circl-sighting)
- CIRCL seen: CVE-2025-6945 (circl-sighting)
- https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/ (circl)
- GitLab Issue #552611 (circl)
- https://hackerone.com/reports/3173458 (bitnami)
Timeline
- Nov 13, 2025 CVE Published
- Nov 15, 2025 EPSS Score
- Nov 15, 2025 CVE Updated
- Nov 20, 2025 EPSS Score
- Nov 24, 2025 PoC Published
- Nov 25, 2025 EPSS Score
- Nov 25, 2025 PoC Published
- Nov 30, 2025 EPSS Score
- Dec 5, 2025 EPSS Score
- Dec 10, 2025 EPSS Score
- Dec 15, 2025 EPSS Score
- Dec 20, 2025 EPSS Score