Overview
CVE-2025-6945 describes a low-severity vulnerability in GitLab Enterprise Edition (EE) that could potentially lead to the leakage of sensitive information. This issue affects GitLab EE versions 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. An authenticated attacker could exploit this vulnerability by injecting hidden prompts into merge request comments, allowing them to extract information from confidential issues that they should not have access to.
Technical Details
The vulnerability stems from insufficient sanitization of user-supplied input within merge request comments. Specifically, an attacker can craft a malicious comment that includes specially crafted prompts. When a user interacts with the affected GitLab instance, these hidden prompts could inadvertently trigger the disclosure of sensitive data from confidential issues. This data is likely exposed through the system’s internal logic related to issue linking or cross-referencing within the comments.
The attacker needs to be an authenticated user to exploit this vulnerability. This implies the attacker requires a valid GitLab account.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-6945 is 3.5 (Low). This score reflects the relatively limited scope of the vulnerability and the requirement for authentication. The CVSS vector string is likely to be something like: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (This is an example, the official vector string should be verified on the NVD after its creation.)
- Attack Vector (AV): Network (N) – The vulnerability is exploitable over a network.
- Attack Complexity (AC): Low (L) – Exploitation requires little to no specialized access conditions.
- Privileges Required (PR): Low (L) – An attacker needs low privileges (e.g., a valid user account) to exploit the vulnerability.
- User Interaction (UI): None (N) – The vulnerability exploitable without any user interaction.
- Scope (S): Unchanged (U) – An exploited vulnerability can only affect resources managed by the same security authority.
- Confidentiality Impact (C): Low (L) – There is limited information disclosure.
- Integrity Impact (I): None (N) – There is no impact to data integrity.
- Availability Impact (A): None (N) – There is no impact to system availability.
Possible Impact
While the CVSS score is low, the potential impact should not be ignored. Successful exploitation of CVE-2025-6945 could lead to:
- Information Leakage: Unauthorized access to sensitive information contained within confidential issues. This could include project plans, security vulnerabilities, or customer data.
- Increased Attack Surface: The leaked information could be used to further compromise the GitLab instance or related systems.
Mitigation and Patch Steps
GitLab has released patches to address this vulnerability. It is strongly recommended to upgrade to the following versions or later:
- GitLab EE 18.3.6
- GitLab EE 18.4.4
- GitLab EE 18.5.2
To upgrade your GitLab instance, follow the official GitLab upgrade documentation. Regularly updating your GitLab instance is crucial for maintaining a secure environment.
