PT-2025-22459 · GitLab · GitLab CE/EE
Published 2025-05-21 · Updated 2025-06-09 · CVE-2025-0993
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions prior to 17.10.7
GitLab CE/EE version 17.11 prior to 17.11.3
GitLab CE/EE version 18.0 prior to 18.0.1
Description
An issue has been discovered in GitLab CE/EE that could allow an authenticated attacker to cause a denial of service condition by exhausting server resources. This issue can lead to system downtime and resource exhaustion across platforms and integrations. The patched vulnerabilities were not exploited in the wild, and users are strongly advised to update to the latest versions to mitigate risks.
Recommendations
For GitLab CE/EE versions prior to 17.10.7, upgrade to version 17.10.7 or later.
For GitLab CE/EE version 17.11 prior to 17.11.3, upgrade to version 17.11.3 or later.
For GitLab CE/EE version 18.0 prior to 18.0.1, upgrade to version 18.0.1 or later.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
GitLab CE/EE