PT-2025-15975 · Gitlab · Gitlab Ce/Ee

Published

2025-04-10

Updated

2025-08-07

CVE-2025-1677

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.8.7 and earlier, versions 17.9 prior to 17.9.6, and versions 17.10 prior to 17.10.4.

Description: A denial of service (DoS) issue exists in GitLab CE/EE. The issue occurs when oversized payloads are injected into CI pipeline exports, potentially leading to a service disruption. The vulnerability is related to unrestricted resource allocation.

Recommendations: GitLab CE/EE versions 17.8.7 and earlier: Update to a newer, fixed version. GitLab CE/EE versions 17.9 prior to 17.9.6: Update to version 17.9.6 or later. GitLab CE/EE versions 17.10 prior to 17.10.4: Update to version 17.10.4 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2025-05144

BIT-GITLAB-2025-1677

CVE-2025-1677

Affected Products

Gitlab Ce/Ee

PT-2025-15975 · Gitlab · Gitlab Ce/Ee

CVE-2025-1677

Weakness Enumeration

Related Identifiers

Affected Products

References · 16