Denial of Service Vulnerability in GitLab CE/EE
CVE-2025-5996

6.5MEDIUM

Key Information:

Vendor

Gitlab
Status
Gitlab
Vendor
CVE Published:
12 June 2025

What is CVE-2025-5996?

A vulnerability has been identified in GitLab CE/EE that arises from insufficient input validation in HTTP responses. An authenticated user can exploit this flaw to create conditions that lead to a denial of service, potentially disrupting the availability of the application and impacting users' productivity. Various versions of GitLab CE/EE are impacted, and it is essential for users to apply updates to mitigate this risk. Detailed issue tracking has been documented within GitLab to address this and related concerns.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GitLab 2.10 < 17.10.7

GitLab 17.11 < 17.11.3

GitLab 18.0 < 18.0.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/476671
issue-trackingpermissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/483150
issue-trackingpermissions-required
https://gitlab.com/gitlab-org/gitlab/-/issues/479167
issue-trackingpermissions-required

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program
JSON
.