PT-2025-5901 · GitLab · GitLab CE/EE
Published 2025-02-07 · Updated 2025-08-06
CVE-2025-1072
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 7.14.1 through 17.3.7
GitLab CE/EE versions 17.4 through 17.4.4
GitLab CE/EE versions 17.5 through 17.5.2
Description
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE. The issue could occur upon importing maliciously crafted content using the Fogbugz importer.
Recommendations
For GitLab CE/EE versions 7.14.1 through 17.3.7, update to version 17.3.7 or later to resolve the issue.
For GitLab CE/EE versions 17.4 through 17.4.4, update to version 17.4.4 or later to resolve the issue.
For GitLab CE/EE versions 17.5 through 17.5.2, update to version 17.5.2 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the Fogbugz importer until a patch is applied.
Type: DoS
Weakness: Allocation of Resources Without Limits
Affected Products: GitLab CE/EE