CVE-2025-3279

Summary

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab10.7 < 17.11.5affected
GitLabGitLab18.0 < 18.0.3affected
GitLabGitLab18.1 < 18.1.1affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References