CVE-2025-3601

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/3xxx/CVE-2025-3601.json",
    "cwe_ids": [
        "CWE-770"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

c1710afbd437c557741ff4c7fa185c6ffb89bf1b

Fixed

37cd445f04ca9225834e84c0705b8cc8a5ef92c6

Database specific

{
    "versions": [
        {
            "introduced": "8.15"
        },
        {
            "fixed": "18.1.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

64403a0daee4413eb45b939590f37c351b8e72bf

Fixed

eacf4ae161bac46e23ea1a20845a61466512dd5b

Database specific

{
    "versions": [
        {
            "introduced": "18.2"
        },
        {
            "fixed": "18.2.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

94282cd9b41643ecd8a82da6cf46834cd9609afe

Fixed

cb15859792b69875385491d698ab05d2e75c9ff6

Database specific

{
    "versions": [
        {
            "introduced": "18.3"
        },
        {
            "fixed": "18.3.1"
        }
    ]
}

Affected versions

v18.*

v18.2.0-ee

v18.2.3-ee

v18.2.4-ee

v18.3.0-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3601.json"