
GitLab Releases Emergency Patches for AI Assistant Vulnerability
GitLab has released emergency patches (17.10.1, 17.9.3, and 17.8.6) to mitigate CVE-2025-2867, an indirect command injection vulnerability that affected its AI assistant, GitLab Duo. Legit Security had publicly demonstrated the vulnerability, which allowed for code theft.