CVE-2025-10868 — Gitlab vulnerability

CWE-8404 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 97.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedSep 26

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit performance degradation with large inputs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5gitlab/gitlab17.4 — 18.2.7+2

▶NVDgitlab/gitlab17.4.0 — 18.2.7+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-vrvm-qc4x-35pw: An issue has been discovered in GitLab CE/EE affecting all versions from 17↗2025-09-26

▶

📋Vendor Advisories

GitLab

CVE-2025-10868: An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain↗2025-09-26

▶

Debian

CVE-2025-10868: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 be...↗2025

▶