THREATOPS
THREAT OPSThreat News › [NVD] CVE-2025-9222 (HIGH 8.7) — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

[NVD] CVE-2025-9222 (HIGH 8.7) — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

lownvdPublished 2026-01-09

CVE-2025-9222 CVSS: 8.7 HIGH Published: 2026-01-09T10:15:47.037

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown.

Indicators of compromise

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-9222