PT-2025-37161 · GitLab · GitLab CE/EE (+1)
Yuki_Osaki · Published 2025-09-10 · Updated 2026-03-10
CVE-2025-2256
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
- GitLab CE/EE versions 7.12 through 18.1.6
- GitLab CE/EE versions 18.2 through 18.2.6
- GitLab CE/EE versions 18.3 through 18.3.2
- GitLab versions prior to 16.10.5
- GitLab versions prior to 17.0.3
- GitLab versions prior to 17.1.1
Description:
An issue exists in GitLab CE/EE that could allow unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.
Recommendations:
- Update GitLab CE/EE to version 18.1.6 or later.
- Update GitLab CE/EE to version 18.2.6 or later.
- Update GitLab CE/EE to version 18.3.2 or later.
- Update GitLab to version 16.10.5 or later.
- Update GitLab to version 17.0.3 or later.
- Update GitLab to version 17.1.1 or later.
Tags: Exploit, Fix, DoS
Affected Products: GitLab, GitLab CE/EE