
GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate and build software. From idea to production, GitLab helps teams improve cycle time from weeks to minutes, reduce development costs and time to market while increasing developer productivity. We're the world's largest all-remote company with team members located in more than 65 countries. As part of the GitLab team, you can work from anywhere with good internet. You'll have the freedom to contribute when and where you do your best work. Interested in opportunities at GitLab? Join our talent community and share your information with our recruiting team: https://about.gitlab.com/jobs/

GitLab A.I CyberSecurity Scoring

GitLab Risk Score (AI oriented): between 750 and 799

GitLab, IT Services and IT Consulting
  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

GitLab Global Score (TPRM): XXXX
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

GitLab Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1

Entity: GitLab
Type: Vulnerability
Severity: 85
Impact: 4
Seen: 6/2025
Rankiteo Explanation: Attack with significant impact, with customer data leaks

Description: GitLab disclosed nine vulnerabilities across its Community (CE) and Enterprise (EE) editions, with **CVE-2025-6945** being the most critical—a **prompt-injection flaw in GitLab Duo’s AI-powered review feature** that allows authenticated attackers to exfiltrate sensitive data from **confidential issues** via hidden prompts in merge request comments. The exploit leverages the AI feature’s lack of input validation, turning an AI assistant into a vector for data leakage. Additionally, **CVE-2025-11224** (a stored XSS vulnerability in the Kubernetes proxy) enables authenticated users to execute malicious scripts, while **CVE-2025-2615** and **CVE-2025-7000** expose confidential data through GraphQL subscriptions and branch name leaks, respectively. The flaws span versions back to **15.10**, creating a broad attack surface for organizations running unpatched instances. Though no evidence of active exploitation exists, the vulnerabilities risk **unauthorized access to proprietary code, internal discussions, and project metadata**, potentially aiding supply-chain attacks or competitive espionage. GitLab has released patches (versions **18.5.2, 18.4.4, 18.3.6**) and urged immediate upgrades for self-managed deployments.

Entity: GitLab
Type: Vulnerability
Severity: 100
Impact: 5
Seen: 03/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: A critical vulnerability discovered in GitLab Community could enable an attacker to steal runner registration tokens. The vulnerability, announced in a GitLab security advisory, affects all versions. If exploited, an unauthorized user can steal runner registration tokens through an information disclosure flaw in quick actions commands.

Underwriter Stats for GitLab

Incidents vs IT Services and IT Consulting Industry Average (This Year)

GitLab has 85.19% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

GitLab has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types GitLab vs IT Services and IT Consulting Industry Avg (This Year)

GitLab reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — GitLab (X = Date, Y = Severity)

GitLab cyber incidents detection timeline including parent company and subsidiaries

GitLab Company Subsidiaries

No subsidiaries are listed.


GitLab CyberSecurity News

November 14, 2025 03:21 PM
Multiple GitLab Vulnerabilities Allow Malicious Prompt Injection and Data Theft

The most alarming vulnerability is CVE-2025-6945, a prompt injection flaw in GitLab Duo's review feature that allows authenticated users.

November 13, 2025 01:04 PM
Multiple GitLab Vulnerabilities Let Attackers Inject Malicious Prompts to Steal Sensitive Data

GitLab has released security patches addressing multiple vulnerabilities affecting both the Community Edition and the Enterprise Edition.

October 31, 2025 07:00 AM
Government alert: Multiple vulnerabilities found in Google Chrome desktop browser and GitLab

The Indian cyber security agency, Cert-In, has issued a serious cybersecurity warning regarding vulnerabilities in the Google Chrome web...

October 30, 2025 07:00 AM
Cert-In warns of multiple vulnerabilities in Google Chrome for desktop, Gitlab

Indian cyber security watchdog Cert-In on Thursday issued an alert about multiple vulnerabilities in Google Chrome desktop browser and...

October 23, 2025 07:00 AM
GitLab Careers, Perks + Culture

GitLab is an open core software company that develops the most comprehensive DevSecOps Platform used by more than 100,000 organizations.

October 22, 2025 07:00 AM
Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

GitLab has urgently released patch versions 18.5.1, 18.4.3, and 18.3.5 for its Community Edition (CE) and Enterprise Edition (EE) to address...

October 22, 2025 07:00 AM
GitLab 18.5 debuts AI agents & new UI for streamlined dev ops

GitLab 18.5 launches AI agents and a new UI to enhance security, streamline workflows, and boost efficiency for software development teams.

October 17, 2025 07:00 AM
Is Datadog’s Valuation Attractive After Takeover Talks for GitLab in 2025?

Thinking about what to do with Datadog stock right now? You are not alone. Whether you have been following the company for years or just got...

October 12, 2025 07:00 AM
Cybersecurity Newsletter Weekly - Discord, Red Hat Data Breach, 7-Zip Vulnerabilities and Sonicwall Firewall...

Welcome to this week's edition of the Cybersecurity Newsletter Weekly, where we dive into the most pressing threats and vulnerabilities...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

GitLab CyberSecurity History Information

GitLab’s AI-Generated Cybersecurity Score

According to Rankiteo, GitLab’s AI-generated cybersecurity score is 780, reflecting their Fair security posture.

How many security badges does GitLab have?

According to Rankiteo, GitLab currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does GitLab have SOC 2 Type 1 certification?

According to Rankiteo, GitLab is not certified under SOC 2 Type 1.

Does GitLab have SOC 2 Type 2 certification?

According to Rankiteo, GitLab does not hold a SOC 2 Type 2 certification.

Does GitLab comply with GDPR?

According to Rankiteo, GitLab is not listed as GDPR compliant.

Does GitLab have PCI DSS certification?

According to Rankiteo, GitLab does not currently maintain PCI DSS compliance.

Does GitLab comply with HIPAA?

According to Rankiteo, GitLab is not compliant with HIPAA regulations.

Does GitLab have ISO 27001 certification?

According to Rankiteo, GitLab is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of GitLab

GitLab operates primarily in the IT Services and IT Consulting industry.

Number of Employees at GitLab

GitLab employs approximately 3,111 people worldwide.

Subsidiaries Owned by GitLab

GitLab presently has no subsidiaries across any sectors.

GitLab’s LinkedIn Followers

GitLab’s official LinkedIn profile has approximately 1,051,242 followers.

NAICS Classification of GitLab

GitLab is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.

GitLab’s Presence on Crunchbase

Yes, GitLab has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/gitlab-com.

GitLab’s Presence on LinkedIn

Yes, GitLab maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gitlab-com.

Cybersecurity Incidents Involving GitLab

As of December 04, 2025, Rankiteo reports that GitLab has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

GitLab has an estimated 36,937 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at GitLab?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.

How does GitLab detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from HackerOne bug bounty program researchers; containment measures consisting of security patch releases (versions 18.5.2, 18.4.4, 18.3.6) and an immediate upgrade recommendation for self-managed installations; remediation measures consisting of patching the prompt-injection flaw in GitLab Duo, fixing the XSS vulnerability in the Kubernetes proxy, addressing the authorization bypass in workflows, resolving information disclosure issues in GraphQL, access control, and the Packages API, and updating libxslt to version 1.1.43; and a communication strategy of a public security advisory, urgent upgrade notifications for self-managed customers, and transparency about affected versions and vulnerabilities.

Incident Details

Can you provide details on each incident?

Incident : Information Disclosure

Title: Critical Vulnerability in GitLab Community

Description: A critical vulnerability discovered in GitLab Community could enable an attacker to steal runner registration tokens. The vulnerability, announced in a GitLab security advisory, affects all versions. If exploited, an unauthorized user can steal runner registration tokens through an information disclosure flaw in quick actions commands.

Type: Information Disclosure

Attack Vector: Quick Actions Commands

Vulnerability Exploited: Information Disclosure Vulnerability

Incident : Vulnerability Disclosure

Title: GitLab Critical Security Patches Addressing Multiple Vulnerabilities Including Prompt-Injection Flaw in GitLab Duo

Description: GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a particularly concerning prompt-injection flaw in GitLab Duo that could expose sensitive information from confidential issues. The company is urging all self-managed installations to upgrade immediately to versions 18.5.2, 18.4.4, or 18.3.6. The most alarming vulnerability is CVE-2025-6945, a prompt injection flaw in GitLab Duo’s review feature that allows authenticated users to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments. This attack demonstrates how AI-powered features can become significant security risks when input validation fails. The patch batch also includes a high-severity cross-site scripting vulnerability (CVE-2025-11224) in the Kubernetes proxy functionality, which could allow authenticated users to execute stored XSS attacks due to improper input validation. Additional medium- and low-severity vulnerabilities were also patched, highlighting critical gaps in GitLab’s access control mechanisms.

Type: Vulnerability Disclosure

Attack Vector: Prompt Injection (CVE-2025-6945); Cross-Site Scripting (CVE-2025-11224); Improper Authorization (CVE-2025-11865); Information Disclosure (CVE-2025-2615, CVE-2025-7000, CVE-2025-6171); Improper Access Control (CVE-2025-7736); Denial of Service (CVE-2025-12983); Client-Side Path Traversal (CVE-2025-11990)

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident?

Incident : Information Disclosure GIT1372322

Data Compromised: Runner Registration Tokens

Incident : Vulnerability Disclosure GIT5234552111325

Data Compromised: Sensitive information from confidential issues (CVE-2025-6945), Confidential branch names (CVE-2025-7000), Restricted branch names (CVE-2025-6171), Confidential information via GraphQL (CVE-2025-2615)

Systems Affected: GitLab Community Edition (CE); GitLab Enterprise Edition (EE); GitLab Duo (AI-powered review feature); Kubernetes proxy functionality; GraphQL subscriptions; Packages API; GitLab Pages; Markdown processing

Operational Impact: Potential unauthorized access to sensitive data; Risk of stored XSS attacks in Kubernetes proxy; Exposure of confidential issues via AI feature exploitation

Brand Reputation Impact: Potential reputational damage due to AI-powered feature vulnerabilities; Trust erosion in access control mechanisms

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Runner Registration Tokens, Confidential Issue Details, Confidential Branch Names, Restricted Branch Names, and Sensitive Information Accessible Via GraphQL Subscriptions.

Which entities were affected by each incident?

Incident : Information Disclosure GIT1372322

Entity Name: GitLab

Entity Type: Software Company

Industry: Technology

Incident : Vulnerability Disclosure GIT5234552111325

Entity Name: GitLab Inc.

Entity Type: Software Company

Industry: Technology / DevOps

Location: Global

Customers Affected: Self-managed GitLab installations (versions prior to 18.5.2, 18.4.4, 18.3.6), Organizations using GitLab Duo, Users of Kubernetes proxy functionality, Enterprise Edition users with Duo workflows

Response to the Incidents

What measures were taken in response to each incident?

Incident : Vulnerability Disclosure GIT5234552111325

Incident Response Plan Activated: True

Third Party Assistance: HackerOne Bug Bounty Program Researchers.

Containment Measures: Release of security patches (versions 18.5.2, 18.4.4, 18.3.6); Immediate upgrade recommendation for self-managed installations

Remediation Measures: Patching prompt-injection flaw in GitLab Duo; Fixing XSS vulnerability in Kubernetes proxy; Addressing authorization bypass in workflows; Resolving information disclosure issues in GraphQL, access control, and Packages API; Updating libxslt to version 1.1.43

Communication Strategy: Public security advisory; Urgent upgrade notification for self-managed customers; Transparency about affected versions and vulnerabilities

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through HackerOne bug bounty program researchers.

Data Breach Information

What type of data was compromised in each breach?

Incident : Information Disclosure GIT1372322

Type of Data Compromised: Runner Registration Tokens

Incident : Vulnerability Disclosure GIT5234552111325

Type of Data Compromised: Confidential issue details, Confidential branch names, Restricted branch names, Sensitive information accessible via GraphQL subscriptions

Sensitivity of Data: High (includes confidential project information and access-controlled data)

Data Exfiltration: Potential exfiltration via prompt injection (CVE-2025-6945); Unauthorized access to confidential data via multiple vectors

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: patching the prompt-injection flaw in GitLab Duo, fixing the XSS vulnerability in the Kubernetes proxy, addressing the authorization bypass in workflows, resolving information disclosure issues in GraphQL, access control, and the Packages API, and updating libxslt to version 1.1.43.

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the release of security patches (versions 18.5.2, 18.4.4, 18.3.6) and an immediate upgrade recommendation for self-managed installations.

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : Vulnerability Disclosure GIT5234552111325

Lessons Learned:
  • AI-powered features (e.g., GitLab Duo) introduce new attack surfaces requiring robust input validation.
  • Stored XSS vulnerabilities in proxy functionalities can have broad impact across integrated systems (e.g., Kubernetes).
  • Access control mechanisms require continuous review to prevent authorization bypasses and information disclosure.
  • Coordinated vulnerability disclosure programs (e.g., HackerOne) are effective in identifying and mitigating security flaws.
  • Prompt patching of third-party dependencies (e.g., libxslt) is critical to comprehensive security.

What recommendations were made to prevent future incidents?

Incident : Vulnerability Disclosure GIT5234552111325

Recommendations:
  • Immediately upgrade self-managed GitLab instances to patched versions (18.5.2, 18.4.4, or 18.3.6).
  • Review and harden input validation for AI-powered features to prevent prompt-injection attacks.
  • Audit Kubernetes proxy configurations to mitigate XSS risks.
  • Enhance access control policies for GraphQL subscriptions, branch names, and workflows.
  • Monitor for unauthorized access attempts targeting newly patched vulnerabilities.
  • Participate in bug bounty programs to proactively identify and address security flaws.
  • Regularly update all dependencies to their latest secure versions.

What are the key lessons learned from past incidents?

Key Lessons Learned: The key lessons learned from past incidents are: AI-powered features (e.g., GitLab Duo) introduce new attack surfaces requiring robust input validation; stored XSS vulnerabilities in proxy functionalities can have broad impact across integrated systems (e.g., Kubernetes); access control mechanisms require continuous review to prevent authorization bypasses and information disclosure; coordinated vulnerability disclosure programs (e.g., HackerOne) are effective in identifying and mitigating security flaws; and prompt patching of third-party dependencies (e.g., libxslt) is critical to comprehensive security.

References

Where can I find more information about each incident?

Incident : Information Disclosure GIT1372322

Source: GitLab Security Advisory

Incident : Vulnerability Disclosure GIT5234552111325

Source: GitLab Security Release Blog

Source: HackerOne Vulnerability Reports

Source: CVE Database Entries (CVE-2025-6945, CVE-2025-11224, etc.)

Where can stakeholders find additional resources on cybersecurity best practices?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the GitLab Security Advisory, the GitLab Security Release Blog, HackerOne Vulnerability Reports, and the CVE Database Entries (CVE-2025-6945, CVE-2025-11224, etc.).

Investigation Status

What is the current status of the investigation for each incident?

Incident : Vulnerability Disclosure GIT5234552111325

Investigation Status: Resolved (patches released)

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through a public security advisory, an urgent upgrade notification for self-managed customers, and transparency about affected versions and vulnerabilities.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident : Vulnerability Disclosure GIT5234552111325

Stakeholder Advisories: Urgent upgrade notification for self-managed customers; Security advisory detailing vulnerabilities and mitigations.

Customer Advisories: GitLab.com users are already protected (no action required); Dedicated customers require no action; Self-managed customers must upgrade immediately.

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: an urgent upgrade notification for self-managed customers, a security advisory detailing vulnerabilities and mitigations, notice that GitLab.com users are already protected (no action required), notice that Dedicated customers require no action, and notice that self-managed customers must upgrade immediately.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability Disclosure GIT5234552111325

Root Causes: Insufficient Input Validation In Gitlab Duo’S Prompt Handling (Cve-2025-6945)., Improper Sanitization In Kubernetes Proxy Leading To Xss (Cve-2025-11224)., Flawed Authorization Checks In Workflows And Access Control Mechanisms (Cve-2025-11865, Cve-2025-7000, Etc.)., Inadequate Restrictions On Graphql Subscriptions For Blocked Users (Cve-2025-2615)., Outdated Third-Party Library (Libxslt) With Known Vulnerabilities.,

Corrective Actions: Implemented Stricter Input Validation For Ai Feature Prompts., Enhanced Xss Protections In Proxy Functionalities., Strengthened Authorization And Access Control Policies., Restricted Graphql Subscription Access For Blocked Users., Updated Libxslt To Version 1.1.43 To Patch Additional Vulnerabilities., Released Comprehensive Security Patches For All Affected Versions.,

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Hackerone Bug Bounty Program Researchers, .

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: implemented stricter input validation for AI feature prompts; enhanced XSS protections in proxy functionality; strengthened authorization and access control policies; restricted GraphQL subscription access for blocked users; updated libxslt to version 1.1.43 to patch additional vulnerabilities; released comprehensive security patches for all affected versions.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Runner Registration Tokens, sensitive information from confidential issues (CVE-2025-6945), confidential branch names (CVE-2025-7000), restricted branch names (CVE-2025-6171) and confidential information via GraphQL (CVE-2025-2615).

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were GitLab Community Edition (CE), GitLab Enterprise Edition (EE), GitLab Duo (AI-powered review feature), Kubernetes proxy functionality, GraphQL subscriptions, Packages API, GitLab Pages and Markdown processing.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was HackerOne bug bounty program researchers.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were the release of security patches (versions 18.5.2, 18.4.4 and 18.3.6) and an immediate upgrade recommendation for self-managed installations.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Confidential branch names (CVE-2025-7000), Restricted branch names (CVE-2025-6171), Sensitive information from confidential issues (CVE-2025-6945), Confidential information via GraphQL (CVE-2025-2615) and Runner Registration Tokens.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Prompt patching of third-party dependencies (e.g., libxslt) is critical to comprehensive security.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: enhance access control policies for GraphQL subscriptions, branch names, and workflows; participate in bug bounty programs to proactively identify and address security flaws; review and harden input validation for AI-powered features to prevent prompt-injection attacks; regularly update all dependencies to their latest secure versions; immediately upgrade self-managed GitLab instances to patched versions (18.5.2, 18.4.4, or 18.3.6); monitor for unauthorized access attempts targeting newly patched vulnerabilities; and audit Kubernetes proxy configurations to mitigate XSS risks.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are HackerOne vulnerability reports, the GitLab Security Release blog, CVE database entries (CVE-2025-6945, CVE-2025-11224, etc.) and the GitLab security advisory.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Resolved (patches released).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were an urgent upgrade notification for self-managed customers and a security advisory detailing vulnerabilities and mitigations.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: GitLab.com users are already protected (no action required); Dedicated customers require no action; self-managed customers must upgrade immediately.


Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
CVSS v3.1
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
CVSS v4.0
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
CVSS v4.0
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gitlab-com' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.