Denial of Service Vulnerability in GitLab by GitLab
CVE-2025-1478

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-1478?

A critical issue affecting GitLab CE/EE arises from improper input validation in Board Names, which could potentially be exploited to trigger a denial of service. The flaw impacts a range of versions, exposing users to risks of disruption and unavailability. Timely updates and patches are crucial for maintaining system integrity and preventing service interruptions.

Affected Version(s)

GitLab 8.13 < 17.10.8

GitLab 17.11 < 17.11.4

GitLab 18.0 < 18.0.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/520354

issue-trackingpermissions-required

https://hackerone.com/reports/2987444

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Feb 19, 2025

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2025-1478?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit