VYPR
Unrated severityNVD Advisory· Published Sep 26, 2025· Updated Sep 26, 2025

Allocation of Resources Without Limits or Throttling in GitLab

CVE-2025-10867

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated user to create a denial-of-service condition by exploiting an unprotected GraphQL API through repeated requests.

Affected products

11

Patches

Vulnerability mechanics

References

1

News mentions

1