PT-2026-24710 · Gitlab · Gitlab Ce/Ee

Published: 2026-03-11 · Updated: 2026-03-15 · CVE-2025-14513

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 16.11 through 18.7.5
GitLab CE/EE versions 18.8 through 18.8.5
GitLab CE/EE versions 18.9 through 18.9.1

Description

An issue in GitLab CE/EE could allow an unauthenticated user to cause a denial of service condition. This is due to improper input validation when processing specially crafted JSON payloads in the protected branches API. The issue affects the processing of payloads sent to the /protected branches API endpoint. The vulnerability stems from insufficient validation of the JSON data received, potentially leading to resource exhaustion or other disruptive behavior.

Recommendations

GitLab versions 16.11 through 18.7.5 should be upgraded to version 18.7.6 or later.
GitLab versions 18.8 through 18.8.5 should be upgraded to version 18.8.6 or later.
GitLab versions 18.9 through 18.9.1 should be upgraded to version 18.9.2 or later.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2026-04676
BIT-GITLAB-2025-14513
CVE-2025-14513

Affected Products

Gitlab Ce/Ee