PT-2025-41362 · Gitlab · Gitlab Ce/Ee
Pwnie · Published 2025-10-08 · Updated 2025-10-20
CVE-2025-10004
CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 13.12 through 18.2.8
GitLab CE/EE versions 18.3 through 18.3.4
GitLab CE/EE versions 18.4 through 18.4.2
Description
The software is susceptible to a denial of service condition triggered by crafted GraphQL queries requesting large repository blobs. This can lead to the GitLab instance becoming unresponsive or severely degraded. The issue affects the GraphQL API.
Recommendations
Update GitLab CE/EE to a version later than 18.2.8.
Update GitLab CE/EE to a version later than 18.3.4.
Update GitLab CE/EE to a version later than 18.4.2.
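As an added check, not part of the advisory and not GitLab's own code, the following Python compares a GitLab CE/EE version string against the three affected ranges listed above. It assumes that two-component bounds such as 13.12 denote the first patch release (13.12.0) and that edition suffixes such as "-ee" can be ignored.

```python
"""Check a GitLab CE/EE version against the affected ranges for CVE-2025-10004.

Constructed example for this advisory; the ranges below are copied from the
"Name of the Vulnerable Software and Affected Versions" section.
"""
from typing import List, Tuple

Version = Tuple[int, int, int]

# Inclusive (lower, upper) bounds as stated in the advisory. Assumption: a
# two-component lower bound such as "13.12" means the .0 patch release.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((13, 12, 0), (18, 2, 8)),
    ((18, 3, 0), (18, 3, 4)),
    ((18, 4, 0), (18, 4, 2)),
]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH]' into a comparable tuple.

    Edition suffixes ('18.2.8-ee') are dropped; a missing patch number is
    treated as 0. Anything else is rejected rather than guessed at.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]


def is_affected(text: str) -> bool:
    """True if the version falls inside any range listed in the advisory."""
    version = parse_version(text)
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def triage(versions: List[str]) -> dict:
    """Map each version string to 'affected' or 'not listed' for reporting."""
    return {v: ("affected" if is_affected(v) else "not listed") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory of instances to triage.
    for ver, status in triage(["18.2.8-ee", "18.3.4", "18.4.2", "17.0.1"]).items():
        print(f"{ver:<12} {status}")
```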
Exploit
Fix
DoS
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Gitlab Ce/Ee