CVE-2025-6945 | GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1 Merge Request command injection (Patch 552611)

A vulnerability was found in GitLab Enterprise Edition up to 18.3.5/18.4.3/18.5.1. It has been declared as critical. This affects an unknown part of the component Merge Request Handler. Such manipulation leads to command injection.

This vulnerability is documented as CVE-2025-6945. The attack can be executed remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More