Home

Description

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.

PUBLISHED Reserved 2025-09-22 | Published 2025-09-26 | Updated 2025-09-26 | Assigner GitLab




HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status
unaffected

Any version before 18.2.7
affected

18.3 before 18.3.3
affected

18.4 before 18.4.1
affected

References

gitlab.com/gitlab-org/gitlab/-/issues/570034 (GitLab Issue #570034) issue-tracking permissions-required

cve.org (CVE-2025-10858)

nvd.nist.gov (CVE-2025-10858)

Download JSON