CVE-2025-4225

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-4225
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4225.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-4225
Aliases
Downstream
Related
Published
2025-08-27T19:33:45.928Z
Modified
2025-11-20T13:21:29.059067Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests.

Database specific 
{
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
e4567ef4362f4ef24a09112564b31dfe9044ea12
Fixed
37cd445f04ca9225834e84c0705b8cc8a5ef92c6
Database specific 
{
    "versions": [
        {
            "introduced": "14.1"
        },
        {
            "fixed": "18.1.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
64403a0daee4413eb45b939590f37c351b8e72bf
Fixed
eacf4ae161bac46e23ea1a20845a61466512dd5b
Database specific 
{
    "versions": [
        {
            "introduced": "18.2"
        },
        {
            "fixed": "18.2.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
94282cd9b41643ecd8a82da6cf46834cd9609afe
Fixed
cb15859792b69875385491d698ab05d2e75c9ff6
Database specific 
{
    "versions": [
        {
            "introduced": "18.3"
        },
        {
            "fixed": "18.3.1"
        }
    ]
}

Affected versions

v18.*

v18.2.0-ee
v18.2.1-ee
v18.2.2-ee
v18.2.3-ee
v18.2.4-ee
v18.3.0-ee