Unrated severityNVD Advisory· Published Aug 27, 2025· Updated Aug 27, 2025
Allocation of Resources Without Limits or Throttling in GitLab
CVE-2025-3601
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 8.15
- (no CPE)range: >=8.15 <18.1.5, >=18.2 <18.2.5, >=18.3 <18.3.1
- osv-coords37 versionspkg:apk/chainguard/gitlab-docker-machine-18.1pkg:apk/chainguard/gitlab-docker-machine-18.2pkg:apk/chainguard/gitlab-docker-machine-fips-18.1pkg:apk/chainguard/gitlab-docker-machine-fips-18.2pkg:apk/chainguard/gitlab-runner-18.1pkg:apk/chainguard/gitlab-runner-18.2pkg:apk/chainguard/gitlab-runner-fips-18.1pkg:apk/chainguard/gitlab-runner-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-18.1pkg:apk/chainguard/gitlab-runner-helper-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.2pkg:apk/wolfi/gitlab-docker-machine-18.1pkg:apk/wolfi/gitlab-docker-machine-18.2pkg:apk/wolfi/gitlab-runner-18.1pkg:apk/wolfi/gitlab-runner-18.2pkg:apk/wolfi/gitlab-runner-helper-18.1pkg:apk/wolfi/gitlab-runner-helper-18.2pkg:apk/wolfi/gitlab-runner-helper-compat-18.1pkg:apk/wolfi/gitlab-runner-helper-compat-18.2pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.2pkg:bitnami/gitlab
< 18.1.3-r1+ 36 more
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: >= 8.15.0, < 18.1.5
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/3050155mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/536034mitreissue-trackingpermissions-required
News mentions
1- GitLab Patch Release: 18.3.1, 18.2.5, 18.1.5GitLab Security Releases · Aug 27, 2025