CVE-2025-2937

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-2937
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2937.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2937
Aliases
Downstream
Related
Published
2025-08-13T17:26:55.506Z
Modified
2026-04-10T05:24:30.527381Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Inefficient Regular Expression Complexity in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2937.json",
    "cwe_ids": [
        "CWE-1333"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
ce28f708ec5ca68092e16f55e47710367d32f2a1
Fixed
85327bfea0841b1eda70dc49b76918681510f967
Database specific 
{
    "versions": [
        {
            "introduced": "13.2"
        },
        {
            "fixed": "18.0.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
e0f3b86408aa4e7f03b63ac9e7dba6de1df14e93
Fixed
693bb5e6ca55d16970747e6a3157ab801608b758
Database specific 
{
    "versions": [
        {
            "introduced": "18.1"
        },
        {
            "fixed": "18.1.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
64403a0daee4413eb45b939590f37c351b8e72bf
Fixed
bef324d0853760755341c3ea7ca9469e4d962377
Database specific 
{
    "versions": [
        {
            "introduced": "18.2"
        },
        {
            "fixed": "18.2.2"
        }
    ]
}

Affected versions

v18.*
v18.1.0-ee
v18.2.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2937.json"