CVE-2025-3111Allocation of Resources Without Limits or Throttling in Gitlab

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-476NULL Pointer DereferenceCWE-416Use After Free8 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 35.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
GitlabDebian GitlabGitlab CE+5 more
Timeline
PublishedMay 22
Latest updateJun 15

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages10 packages

CVEListV5gitlab/gitlab10.217.10.7+2
NVDgitlab/gitlab10.2.017.10.7+2
debiandebian/gitlab
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-r3m4-8xwf-9fpp: An issue has been discovered in GitLab CE/EE affecting all versions from 102025-05-22
OSV
CVE-2025-3111: An issue has been discovered in GitLab CE/EE affecting all versions from 102025-05-22

💥Exploits & PoCs

1
Exploit-DB
PCMan FTP Server 2.0.7 - Buffer Overflow2025-06-15

📋Vendor Advisories

4
GitLab
CVE-2025-3111: An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of2025-05-22
Debian
CVE-2025-3111: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 be...2025
Microsoft
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calli2023-06-13
Microsoft
An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY which is registered in wm8350_init_charger2022-12-13