Denial of Service Vulnerability in GitLab CE/EE
CVE-2025-5996

6.5MEDIUM

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-5996?

A vulnerability has been identified in GitLab CE/EE that arises from insufficient input validation in HTTP responses. An authenticated user can exploit this flaw to create conditions that lead to a denial of service, potentially disrupting the availability of the application and impacting users' productivity. Various versions of GitLab CE/EE are impacted, and it is essential for users to apply updates to mitigate this risk. Detailed issue tracking has been documented within GitLab to address this and related concerns.

Affected Version(s)

GitLab 2.10 < 17.10.7

GitLab 17.11 < 17.11.3

GitLab 18.0 < 18.0.1

References

https://gitlab.com/gitlab-org/gitlab/-/issues/476671

issue-trackingpermissions-required

https://gitlab.com/gitlab-org/gitlab/-/issues/483150

issue-trackingpermissions-required

https://gitlab.com/gitlab-org/gitlab/-/issues/479167

issue-trackingpermissions-required

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Thanks [pwnie](https://hackerone.com/pwnie) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2025-5996?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit