VDB
CVE-2025-9222
CVE-2025-9222
PUBLISHED
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.
EPSS 0.04% · 14.2th percentile
Risk Scores
EPSS Score
0.04%
14.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | gitlab | 18.2.2, 18.6.0, 18.7.0 |
| Bitnami | gitlab | 18.2.2, 18.6.0, 18.7.0 |
Exploit Intelligence
- CIRCL seen: CVE-2025-9222 (circl-sighting)
- CIRCL seen: CVE-2025-9222 (circl-sighting)
- CIRCL seen: CVE-2025-9222 (circl-sighting)
- CIRCL seen: CVE-2025-9222 (circl-sighting)
- GitLab Issue #562561 (circl)
- https://about.gitlab.com/releases/2026/01/07/patch-release-gitlab-18-7-1-released/ (circl)
- https://hackerone.com/reports/3297483 (osv)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 13 more exploits
Timeline
- Jan 8, 2026 CVE Published
- Jan 8, 2026 PoC Published
- Jan 9, 2026 EPSS Score
- Jan 9, 2026 PoC Published
- Jan 9, 2026 PoC Published
- Jan 12, 2026 EPSS Score
- Jan 13, 2026 PoC Published
- Jan 15, 2026 EPSS Score
- Jan 18, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 28, 2026 EPSS Score