{"id":53562,"date":"2025-06-19T06:40:20","date_gmt":"2025-06-19T06:40:20","guid":{"rendered":""},"modified":"2025-09-12T00:48:16","modified_gmt":"2025-09-12T06:48:16","slug":"cve-2025-4278-gitlab-ce-ee-html-injection-vulnerability-leading-to-account-takeover","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-4278-gitlab-ce-ee-html-injection-vulnerability-leading-to-account-takeover\/","title":{"rendered":"CVE-2025-4278: GitLab CE\/EE HTML Injection Vulnerability Leading to Account Takeover<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

A crucial vulnerability, designated as CVE-2025-4278, has been detected in GitLab CE\/EE that affects all versions commencing with 18.0 and prior to 18.0.2. This vulnerability arises due to an HTML injection in the new search page under specific circumstances and could potentially lead to account takeover. As GitLab is a widely adopted platform for project planning, source code management, and CI\/CD, such a vulnerability poses a significant threat to millions of users<\/a> worldwide, affecting their data integrity and confidentiality.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-4278
\nSeverity: High (8.7 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: Account takeover leading to potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n