VDB

GCVE-110-CLOUD-2025-0004

GCVE-110-CLOUD-2025-0004
Advisory Published
Vulnetix · Advisory published May 22, 2025
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.

Affected Products

VendorProductVersionsPlatforms
GitLabCloud Services

Browse GCVE Records

73,393 records in the GCVE database · Updated July 17, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›