CVE-2025-8014
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-27

Last updated on: 2025-10-03

Assigner: GitLab Inc.

Description
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-27
Last Modified
2025-10-03
Generated
2026-05-07
AI Q&A
2025-09-27
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8014
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
gitlab gitlab From 11.10.0 (inc) to 18.2.7 (exc)
gitlab gitlab From 11.10.0 (inc) to 18.2.7 (exc)
gitlab gitlab From 18.3.0 (inc) to 18.3.3 (exc)
gitlab gitlab From 18.3.0 (inc) to 18.3.3 (exc)
gitlab gitlab 18.4.0
gitlab gitlab 18.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Denial of Service (DoS) issue in the GraphQL endpoints of GitLab EE/CE. It affects versions from 11.10 up to certain fixed versions. The issue allows unauthenticated users to bypass query complexity limits, which can lead to resource exhaustion and disrupt the service.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing attackers to cause a Denial of Service on your GitLab instance. Since unauthenticated users can bypass query complexity limits, they can exhaust system resources, leading to service disruption and unavailability.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart