Home

Description

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.

PUBLISHED Reserved 2025-02-12 | Published 2025-03-13 | Updated 2025-03-14 | Assigner GitLab




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status
unaffected

12.3 (semver) before 17.7.7
affected

17.8 (semver) before 17.8.5
affected

17.9 (semver) before 17.9.2
affected

Credits

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program finder

References

gitlab.com/gitlab-org/gitlab/-/issues/519348 (GitLab Issue #519348) issue-tracking permissions-required

hackerone.com/reports/2984218 (HackerOne Bug Bounty Report #2984218) technical-description exploit permissions-required

cve.org (CVE-2025-1257)

nvd.nist.gov (CVE-2025-1257)

Download JSON