vulnerability

Gitlab Gitlab: CVE-2025-8014: Allocation of Resources Without Limits or Throttling

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:N/I:N/A:C)	Sep 27, 2025	Sep 29, 2025	Oct 7, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Sep 27, 2025

Added

Sep 29, 2025

Modified

Oct 7, 2025

Description

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.

Solution

gitlab-gitlab-upgrade-latest

References

CWE-770
CVE-2025-8014
https://attackerkb.com/topics/CVE-2025-8014
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/556838
URL-https://hackerone.com/reports/3228134

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today