CVE-2025-2614

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab11.6 < 18.0.6affected
GitLabGitLab18.1 < 18.1.4affected
GitLabGitLab18.2 < 18.2.2affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References