Denial of Service Vulnerability in GitLab Community Edition and Enterprise Edition
CVE-2025-2614

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-2614?

A vulnerability has been identified in GitLab Community Edition and Enterprise Edition which affects numerous versions, allowing an authenticated user to create specially crafted content. This malicious content can lead to a denial of service by consuming excessive server resources during processing, potentially disrupting service availability.

Affected Version(s)

GitLab 11.6 < 18.0.6

GitLab 18.1 < 18.1.4

GitLab 18.2 < 18.2.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/526349

issue-trackingpermissions-required

https://hackerone.com/reports/3015894

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Mar 21, 2025

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2025-2614?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit