CVE-2025-12562
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-11
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab_ce | 18.6 |
| gitlab | gitlab_ce | 18.5 |
| gitlab | gitlab_ee | 18.6 |
| gitlab | gitlab_ee | 18.5 |
| gitlab | gitlab_ce | 18.4 |
| gitlab | gitlab_ee | 18.4 |
| gitlab | gitlab_ee | 11.10 |
| gitlab | gitlab_ce | 11.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in GitLab CE/EE allows an unauthenticated user to create a denial of service (DoS) condition by sending specially crafted GraphQL queries that bypass the query complexity limits.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition, which means an attacker can disrupt the availability of the GitLab service by exploiting the flaw to overload the system with complex GraphQL queries.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade GitLab CE/EE to versions 18.4.6 or later, 18.5.4 or later, or 18.6.2 or later, as these versions contain the fix for the denial of service condition caused by crafted GraphQL queries.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.