CVE-2025-5996
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-08-08
Assigner: GitLab Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 2.1.0 (inc) to 17.10.8 (exc) |
| gitlab | gitlab | From 17.11.0 (inc) to 17.11.4 (exc) |
| gitlab | gitlab | From 18.0.0 (inc) to 18.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE is due to a lack of input validation in HTTP responses, which could allow an authenticated user to cause a denial of service. It affects all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2.
How can this vulnerability impact me?
The vulnerability can impact you by allowing an authenticated user to cause a denial of service, potentially making the GitLab service unavailable or unstable.
What immediate steps should I take to mitigate this vulnerability?
Upgrade GitLab CE/EE to a fixed release on your current branch: 17.10.8 or later, 17.11.4 or later, or 18.0.2 or later. These releases contain the fix for the vulnerability.
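As an added example that is not part of this record or of GitLab's own tooling, the following script checks an installed GitLab version string (as the instance reports it, possibly with an `-ee` suffix or a leading `v`) against the three affected ranges listed above and names the first fixed release on that branch:

```python
# Added example: check a GitLab version against the affected ranges in this CVE record.
# Not code from BaseFortify or GitLab; the version-string format handled here is an assumption.
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges from the record, as half-open intervals [start, fixed) per branch.
AFFECTED_RANGES = [
    ((2, 1, 0), (17, 10, 8)),
    ((17, 11, 0), (17, 11, 4)),
    ((18, 0, 0), (18, 0, 2)),
]


def parse_version(version: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' into a comparable tuple.

    Accepts an optional leading 'v' and ignores anything after the patch number
    (e.g. the '-ee' edition suffix). Raises ValueError on an unrecognised string,
    so a typo in an inventory file fails loudly instead of reading as 'not affected'.
    """
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def minimum_fixed_version(version: str) -> Optional[str]:
    """Return the first fixed release for the installed branch, or None if not affected."""
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        if start <= v < fixed:
            return ".".join(str(n) for n in fixed)
    return None


def is_affected(version: str) -> bool:
    """True when the version falls inside any affected range of this CVE."""
    return minimum_fixed_version(version) is not None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("git-a", "17.10.7-ee"), ("git-b", "17.11.4"), ("git-c", "18.0.1")]:
        fix = minimum_fixed_version(ver)
        print(f"{host}: {ver} -> {'upgrade to ' + fix if fix else 'not affected'}")
```

Versions below 17.10 (for example 17.9.x) fall in the first range and are reported with 17.10.8 as the fixed release, matching the record, which lists no earlier fixed branch.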