CVE-2025-6186

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-6186

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6186.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-6186

Aliases

BIT-gitlab-2025-6186

Downstream

UBUNTU-CVE-2025-6186

Published

2025-08-13T18:15:32Z

Modified

2025-08-18T08:59:38.856013Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93

Fixed

693bb5e6ca55d16970747e6a3157ab801608b758

Affected versions

v18.*

v18.1.0-ee

v18.1.1-ee

v18.1.2-ee

v18.1.3-ee