CVE-2025-6945 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request command injection (Patch 552611)

Inserito da Angelo Barbosa | Nov 15, 2025 | CVE

A vulnerability was found in GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1. It has been declared as critical. This affects an unknown part of the component Merge Request Handler. Such manipulation leads to command injection.

This vulnerability is documented as CVE-2025-6945. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2025-6945 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request command injection (Patch 552611)

Post correlati

CVE-2024-42619 | Pligg CMS 2.0.2 domain_management.php cross-site request forgery

CVE-2024-3995 | Perforce Helix ALM 2020.3.1 Build 22 command injection

CVE-2024-36575 | getsetprop 1.1.0 global.accessor prototype pollution

CVE-2024-41674 | ckan up to 2.10.4 package_search information exposure (GHSA-2rqw-cfhc-35fh)