CVE-2025-8099

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-8099

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8099.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-8099

Aliases

BIT-gitlab-2025-8099

Downstream

UBUNTU-CVE-2025-8099

Published

2026-02-11T11:35:11.456Z

Modified

2026-02-18T03:46:44.417484Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Allocation of Resources Without Limits or Throttling in GitLab

Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Database specific

{
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/8xxx/CVE-2025-8099.json"
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

342f33beb2ce090cfabfd0a5e7327b78d04588bb

Fixed

e529f6c3f048a1600ee184ee72f234cfd3ecbdb6

Database specific

{
    "versions": [
        {
            "introduced": "10.8"
        },
        {
            "fixed": "18.6.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

ceaa3c8b3a5ddb810b246bff3029e68cc57caf94

Fixed

4597d837d39a31d0978b23cbf4b4dd9a496ae536

Database specific

{
    "versions": [
        {
            "introduced": "18.7"
        },
        {
            "fixed": "18.7.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1010a9b2b769993080ce8399fd25e77c54e1ad1c

Fixed

24b860ec8f94cded541e088aeff15552b46af805

Database specific

{
    "versions": [
        {
            "introduced": "18.8"
        },
        {
            "fixed": "18.8.4"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v10.*

v10.8.0.pre

v10.9.0.pre

v11.*

v11.0.0.pre

v11.1.0.pre

v11.2.0.pre

v11.3.0.pre

v18.*

v18.6.0-ee

v18.6.0-rc42-ee

v18.6.0-rc43-ee

v18.6.0-rc44-ee

v18.6.0-rc45-ee

v18.6.1-ee

v18.6.2-ee

v18.6.3-ee

v18.6.4-ee

v18.6.5-ee

v18.7.0-ee

v18.7.1-ee

v18.7.2-ee

v18.7.3-ee

v18.8.0-ee

v18.8.1-ee

v18.8.2-ee

v18.8.3-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8099.json"