Denial of Service Vulnerability in GitLab EE
CVE-2025-1257

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 13 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in certain GitLab EE instances that could allow an attacker to manipulate specific API inputs. This manipulation could lead to a denial of service condition, disrupting the normal functionality of the application. This issue affects all GitLab EE versions starting from 12.3 to prior releases of versions 17.7.7, 17.8.5, and 17.9.2. It is crucial for users and administrators to implement the latest security patches to mitigate potential risks.

Affected Version(s)

GitLab 12.3 < 17.7.7

GitLab 17.8 < 17.8.5

GitLab 17.9 < 17.9.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1257 - Proof of Concept

References

https://gitlab.com/gitlab-org/gitlab/-/issues/519348

issue-trackingpermissions-required

https://hackerone.com/reports/2984218

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 13, 2025
👾
Exploit known to exist
Mar 13, 2025
Vulnerability published
Mar 13, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program