Last Week in AppSec for 28 October 2025
ID: 830b3e48-9698-53cd-bcad-1090ba0852ea
STIX ID: report--830b3e48-9698-53cd-bcad-1090ba0852ea
Feed Name: Checkmarx Zero
This Checkmarx Zero newsletter highlights multiple high- and medium-severity vulnerabilities: seven CVEs in GitLab (including a CVSS 8.5 improper access control flaw in the Runner API that enables runner hijacking, plus several denial-of-service and authorization issues), which require upgrading to the patched 18.x branches, and a CSRF vulnerability in the Apache Geode management API (CVE-2025-47410, CVSSv3 8.8), which requires an update to 1.15.2 or later. The report advises patching, applying WAF or reverse-proxy limits, network access controls, and configuration mitigations to reduce exposure, and provides commands and checks to determine the scope of exposure.
