Unrated severityNVD Advisory· Published Aug 27, 2025· Updated Aug 27, 2025
Allocation of Resources Without Limits or Throttling in GitLab
CVE-2025-4225
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially crafted GraphQL requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 14.1
- (no CPE)range: >=14.1, <18.1.5 || >=18.2, <18.2.5 || >=18.3, <18.3.1
- osv-coords37 versionspkg:apk/chainguard/gitlab-docker-machine-18.1pkg:apk/chainguard/gitlab-docker-machine-18.2pkg:apk/chainguard/gitlab-docker-machine-fips-18.1pkg:apk/chainguard/gitlab-docker-machine-fips-18.2pkg:apk/chainguard/gitlab-runner-18.1pkg:apk/chainguard/gitlab-runner-18.2pkg:apk/chainguard/gitlab-runner-fips-18.1pkg:apk/chainguard/gitlab-runner-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-18.1pkg:apk/chainguard/gitlab-runner-helper-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-18.2pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-compat-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-fips-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-helper-oci-entrypoint-fips-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-18.2pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.1pkg:apk/chainguard/gitlab-runner-oci-entrypoint-fips-18.2pkg:apk/wolfi/gitlab-docker-machine-18.1pkg:apk/wolfi/gitlab-docker-machine-18.2pkg:apk/wolfi/gitlab-runner-18.1pkg:apk/wolfi/gitlab-runner-18.2pkg:apk/wolfi/gitlab-runner-helper-18.1pkg:apk/wolfi/gitlab-runner-helper-18.2pkg:apk/wolfi/gitlab-runner-helper-compat-18.1pkg:apk/wolfi/gitlab-runner-helper-compat-18.2pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-helper-oci-entrypoint-18.2pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.1pkg:apk/wolfi/gitlab-runner-oci-entrypoint-18.2pkg:bitnami/gitlab
< 18.1.3-r1+ 36 more
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r3
- (no CPE)range: < 18.2.2-r0
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: < 18.1.3-r1
- (no CPE)range: < 18.2.2-r1
- (no CPE)range: >= 14.1.0, < 18.1.5
Patches
Vulnerability mechanics
References
2- hackerone.com/reports/3100624mitretechnical-descriptionexploitpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/538983mitreissue-trackingpermissions-required
News mentions
1- GitLab Patch Release: 18.3.1, 18.2.5, 18.1.5GitLab Security Releases · Aug 27, 2025