CVE-2025-10868

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-10868
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-10868.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-10868
Aliases
Published
2025-09-26T09:10:49.812Z
Modified
2025-12-05T07:25:21.207399Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Business Logic Errors in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/10xxx/CVE-2025-10868.json",
    "cwe_ids": [
        "CWE-840"
    ],
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
22193b3da887c1fa5e49021fa8f87b74e6539a7a
Fixed
209ac0f668d898508cd90eb9eac4d24ce5f989af
Database specific 
{
    "versions": [
        {
            "introduced": "17.4"
        },
        {
            "fixed": "18.2.7"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
94282cd9b41643ecd8a82da6cf46834cd9609afe
Fixed
c29534a7999d2214b3a552e590d080d1b657cdfa
Database specific 
{
    "versions": [
        {
            "introduced": "18.3"
        },
        {
            "fixed": "18.3.3"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
9255f56b45844196bb7657a9f1fde6aa65a5d08d
Fixed
270836848e7b42902a41058ed5792f1003a1073d
Database specific 
{
    "versions": [
        {
            "introduced": "18.4"
        },
        {
            "fixed": "18.4.1"
        }
    ]
}

Affected versions

v18.*

v18.3.0-ee
v18.3.1-ee
v18.3.2-ee
v18.4.0-ee