CVE-2025-14511 — Improper Validation of Specified Quantity in Input in Gitlab

CWE-1284 — Improper Validation of Specified Quantity in Input6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 82.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedFeb 25

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab12.2 — 18.7.5+2

▶NVDgitlab/gitlab12.2.0 — 18.7.5+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

GHSA

GHSA-rwv9-wgmx-5vq4: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12↗2026-02-25

▶

OSV

CVE-2025-14511: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12↗2026-02-25

▶

📋Vendor Advisories

GitLab

CVE-2025-14511: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could h↗2026-02-25

▶

Debian

CVE-2025-14511: gitlab - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 ...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-14511 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶