PT-2025-39625 · Gitlab · Gitlab Ce/Ee

Published

2025-09-26

Updated

2025-09-26

CVE-2025-11042

CVSS v3.1

4.3

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

**Name of the Vulnerable Software and Affected Versions**

GitLab CE/EE versions 17.2 through 18.2.6

GitLab CE/EE versions 18.3 through 18.3.2

GitLab CE/EE versions 18.4 through 18.4.0

**Description**

The software contains an issue that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition when using specific GraphQL queries.

**Recommendations**

Update GitLab CE/EE to version 18.2.7 or later.

Update GitLab CE/EE to version 18.3.3 or later.

Update GitLab CE/EE to version 18.4.1 or later.

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2025-11042

Affected Products

Gitlab Ce/Ee

PT-2025-39625 · Gitlab · Gitlab Ce/Ee

Weakness Enumeration

Related Identifiers

Affected Products

References · 4