PT-2025-26937 · GitLab · GitLab CE/EE

Published 2025-06-25 · Updated 2025-08-12 · CVE-2025-3279

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 10.7 through 17.11.5
GitLab CE/EE versions 18.0 through 18.0.3
GitLab CE/EE versions 18.1 through 18.1.1
Description: An issue has been discovered in GitLab CE/EE that could allow authenticated attackers to create a denial-of-service (DoS) condition by sending crafted GraphQL requests. The vulnerability is related to unrestricted resource allocation within the GraphQL API. Exploitation may allow a remote attacker to cause a service disruption by sending specially crafted requests.
Recommendations:
GitLab CE/EE versions prior to 17.11.5 should be updated to version 17.11.5 or later.
GitLab CE/EE versions prior to 18.0.3 should be updated to version 18.0.3 or later.
GitLab CE/EE versions prior to 18.1.1 should be updated to version 18.1.1 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2025-07922
BIT-GITLAB-2025-3279
CVE-2025-3279

Affected Products

GitLab CE/EE