CVE-2025-9222

high

Red Hat

CVSS v3 Base Score

8.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score

0.0%

Exploitation probability in 30 days

Top 91% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

None

Published: January 9, 2026 (125 days ago)

Last Modified: January 9, 2026

Vendor: Red Hat

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

CWE

CWE-79

Affected Products

OpenShift PipelinesRed Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 about.gitlab.com 🔗 gitlab.com

CVE-2025-9222

Vulnerability Report

Description

CWE

Affected Products

References