CVE-2025-0993

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/516927
https://hackerone.com/reports/2967771

Configurations

No configuration.

History

23 May 2025, 15:55

Type	Values Removed	Values Added
Summary		(es) Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones anteriores a la 17.10.7, a la 17.11 anterior a la 17.11.3 y a la 18.0 anterior a la 18.0.1. Esto podría permitir que un atacante autenticado provoque una denegación de servicio al agotar los recursos del servidor.

22 May 2025, 15:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-22 15:16

Updated : 2025-05-23 15:55

NVD link : CVE-2025-0993

Mitre link : CVE-2025-0993

CVE.ORG link : CVE-2025-0993

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10