CVE-2025-12983
BaseFortify
Publication date: 2025-11-15
Last updated on: 2025-11-19
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 16.9.0 (inc) to 18.3.6 (exc) |
| gitlab | gitlab | From 16.9.0 (inc) to 18.3.6 (exc) |
| gitlab | gitlab | From 18.4.0 (inc) to 18.4.4 (exc) |
| gitlab | gitlab | From 18.4.0 (inc) to 18.4.4 (exc) |
| gitlab | gitlab | From 18.5.0 (inc) to 18.5.2 (exc) |
| gitlab | gitlab | From 18.5.0 (inc) to 18.5.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows an authenticated attacker to cause a denial of service (DoS) by submitting specially crafted markdown content with nested formatting patterns. It affects certain versions before specific patches were released.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service condition, potentially making the affected GitLab service unavailable or unstable when processing malicious markdown content.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade GitLab CE/EE to a fixed version: 18.3.6 or later for the 18.3 series, 18.4.4 or later for the 18.4 series, or 18.5.2 or later for the 18.5 series. Avoid using affected versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 to prevent denial of service caused by specially crafted markdown content.