Denial of Service Vulnerability in GitLab CE/EE Products
CVE-2025-12571

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 26 November 2025

What is CVE-2025-12571?

GitLab has addressed a security issue affecting its Community Edition and Enterprise Edition, allowing unauthenticated attackers to launch a Denial of Service (DoS) attack through sending specially crafted requests that include malicious JSON payloads. This vulnerability impacts multiple versions of GitLab from version 17.10 up until version 18.6.1, making it critical for users to update their systems promptly to ensure protection against potential service disruptions. Security measures against such attack vectors are essential to maintain service availability and integrity.

Affected Version(s)

GitLab 17.10 < 18.4.5

GitLab 18.5 < 18.5.3

GitLab 18.6 < 18.6.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/579168

issue-trackingpermissions-required

https://hackerone.com/reports/3362239

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Oct 31, 2025

Credit

Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program

JSON

Gitlab

What is CVE-2025-12571?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit