{"vulnerability": "CVE-2025-10858", "sightings": [{"uuid": "db23ff75-e0be-47f4-8e08-949eb09f125d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-10858", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lzwibdgnic2c", "content": "", "creation_timestamp": "2025-09-28T21:54:03.651151Z"}, {"uuid": "9f2b3b24-67fb-45dc-9a82-c5c869f3be12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-10858", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/5735", "content": "\u041d\u0430\u0448\u0430 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u0430\u044f, \u043d\u043e \u043f\u043e\u0434\u0437\u0430\u0431\u044b\u0442\u0430\u044f \u0440\u0443\u0431\u0440\u0438\u043a\u0430\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u0433\u0438\u0442\u043b\u0430\u0431\u0447\u0438\u043a\u0438 \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\n\u0412 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 Critical \u043d\u0435\u0442, \u043d\u043e \u0435\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0439 High\n\nCVE-2025-10858 - Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE\nGitLab has remediated an issue that could have allowed an unauthenticated user to render a GitLab instance unresponsive to legitimate users by sending specifically crafted JSON files.\n\nissue \u043f\u043e\u043a\u0430 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u0430\u044f\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/570034\n\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u044f\nhttps://www.cve.org/CVERecord?id=CVE-2025-10858\n\n\u041d\u0443 \u0438 XSS \u0442\u043e\u0436\u0435 High (\u0441\u0434\u0430\u043b\u0438 \u0447\u0435\u0440\u0435\u0437 Bug Bounty)\n\nCVE-2025-9642 - Cross-site scripting issue in Script Gadgets impacts GitLab CE/EE\nGitLab has remediated an issue that, under certain conditions, could have allowed an unauthenticated user to execute actions on behalf of other users by injecting malicious content.\n\nissue \u043f\u043e\u043a\u0430 \u043f\u0440\u0438\u0432\u0430\u0442\u043d\u0430\u044f\nhttps://gitlab.com/gitlab-org/gitlab/-/issues/566505\n\n\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\nhttps://www.cve.org/CVERecord?id=CVE-2025-9642\n\n\u041f\u043e\u0441\u0442\nGitLab Patch Release: 18.4.1, 18.3.3, 18.2.7\nhttps://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/", "creation_timestamp": "2025-09-29T15:05:53.000000Z"}]}