CVE-2025-2937
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-15
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 13.2.0 (inc) to 18.0.6 (exc) |
| gitlab | gitlab | From 13.2.0 (inc) to 18.0.6 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.4 (exc) |
| gitlab | gitlab | From 18.1.0 (inc) to 18.1.4 (exc) |
| gitlab | gitlab | From 18.2.0 (inc) to 18.2.2 (exc) |
| gitlab | gitlab | From 18.2.0 (inc) to 18.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows authenticated users to cause a denial of service (DoS) by sending specially crafted markdown payloads to the Wiki feature. It affects versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition, meaning an attacker who is authenticated can disrupt the availability of the GitLab Wiki feature, potentially affecting productivity and access to important documentation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade GitLab CE/EE to a fixed version beyond 18.0.6, 18.1.4, or 18.2.2 depending on your current version. Avoid allowing authenticated users to send markdown payloads to the Wiki feature until the update is applied.