GitLab Patch Release: 18.7.1, 18.6.3, 18.5.5
CSIRTS triage
- What
- These versions contain important bug and security fixes.
- Who is affected
- All self-managed GitLab installations.
- Urgency
- Remediation is critical as these versions address high-severity vulnerabilities.
- Action
- Upgrade to one of the patched versions immediately.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch GitLab Community Edition and Enterprise Edition
Get an email when a new GitLab Community Edition and Enterprise Edition advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://docs.gitlab.com/releases/patches/patch-release-gitlab-18-7-1-released/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-92220.38% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2025-137610.62% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 45% of all scored CVEs.
- Low exploitation riskCVE-2025-137720.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2025-105690.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2025-137810.41% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 33% of all scored CVEs.
- Low exploitation riskCVE-2025-112460.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2025-39500.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2025-650180.22% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 13% of all scored CVEs.
- Low exploitation riskCVE-2025-647200.35% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-9222 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-13761 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-13772 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-10569 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-13781 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-11246 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-3950 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-65018 | coverage & exploitation status | NVD · CVE.org |
| CVE-2025-64720 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- medium[UPDATE] [medium] libpng: Multiple vulnerabilitiescert-bund
Recent advisories for GitLab Patch Release
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalGitLab Patch Release: 19.1.2, 19.0.4, 18.11.7gitlab · 2026-07-08
- unknownGitLab Patch Release: 18.8.11gitlab · 2026-07-01
- unknownGitLab patch release notesgitlab · 2026-07-01
- criticalGitLab Patch Release: 19.1.1, 19.0.3, 18.11.6gitlab · 2026-06-24
- criticalGitLab Patch Release: 19.0.2, 18.11.5, 18.10.8gitlab · 2026-06-10
- unknownGitLab Patch Release: 18.9.8, 18.8.10, 18.7.7, 18.6.8, 18.5.7gitlab · 2026-05-27
More from GitLab Security Releases
- criticalGitLab Patch Release: 19.1.2, 19.0.4, 18.11.72026-07-08
- unknownGitLab Patch Release: 18.8.112026-07-01
- unknownGitLab patch release notes2026-07-01
- criticalGitLab Patch Release: 19.1.1, 19.0.3, 18.11.62026-06-24
- criticalGitLab Patch Release: 19.0.2, 18.11.5, 18.10.82026-06-10