CVE-2025-8014 — Allocation of Resources Without Limits or Throttling in Gitlab

CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 65.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab EE

Timeline

PublishedSep 27

Description

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab11.10 — 18.2.7+2

▶NVDgitlab/gitlab11.10.0 — 18.2.7+2

▶debiandebian/gitlab

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ee

🔴Vulnerability Details

GHSA

GHSA-688v-85ch-v3v6: Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11↗2025-09-27

▶

📋Vendor Advisories

GitLab

CVE-2025-8014: Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior t↗2025-09-27

▶

Debian

CVE-2025-8014: gitlab - Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versi...↗2025

▶