CVE-2025-8014

Published 27/09/2025 17:15 · Modified 27/09/2025 17:15

Labels: CVE-2025-8014, 2025-09-27, CWE-770, [email protected]

Essential information

Published
27/09/2025 17:15
Modified
27/09/2025 17:15
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Denial of Service issue in GraphQL endpoints in GitLab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits, leading to resource exhaustion and service disruption.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]

Affected products (CPE)

Product               CPE
gitlab / gitlab ce    cpe:2.3:a:gitlab:gitlab_ce:11.10:*:*:*:*:*:*:*
gitlab / gitlab ce    cpe:2.3:a:gitlab:gitlab_ce:<18.2.7:*:*:*:*:*:*:*
gitlab / gitlab ce    cpe:2.3:a:gitlab:gitlab_ce:<18.3.3:*:*:*:*:*:*:*
gitlab / gitlab ce    cpe:2.3:a:gitlab:gitlab_ce:<18.4.1:*:*:*:*:*:*:*
gitlab / gitlab ee    cpe:2.3:a:gitlab:gitlab_ee:11.10:*:*:*:*:*:*:*
gitlab / gitlab ee    cpe:2.3:a:gitlab:gitlab_ee:<18.2.7:*:*:*:*:*:*:*
gitlab / gitlab ee    cpe:2.3:a:gitlab:gitlab_ee:<18.3.3:*:*:*:*:*:*:*
gitlab / gitlab ee    cpe:2.3:a:gitlab:gitlab_ee:<18.4.1:*:*:*:*:*:*:*