Denial of Service Vulnerability in GitLab CE/EE Affects Multiple Versions
CVE-2025-12983

3.5LOW

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 15 November 2025

What is CVE-2025-12983?

A denial of service vulnerability exists in GitLab CE/EE, affecting versions from 16.9 to 18.5.2. This issue allows authenticated attackers to disrupt service by submitting maliciously crafted markdown content that exploits nested formatting patterns. When such content is processed, it can lead to significant service interruptions. Mitigations have been implemented in subsequent releases to address this threat.

Affected Version(s)

GitLab 16.9 < 18.3.6

GitLab 18.4 < 18.4.4

GitLab 18.5 < 18.5.2

References

https://about.gitlab.com/releases/2025/11/12/patch-releas...

https://gitlab.com/gitlab-org/gitlab/-/issues/296257

issue-trackingpermissions-required

https://hackerone.com/reports/3419588

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2025
Vulnerability Reserved
Nov 10, 2025

Credit

This issue was found

JSON

Gitlab

What is CVE-2025-12983?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit