Unrated severityNVD Advisory· Published Jun 12, 2025· Updated Aug 1, 2025
Allocation of Resources Without Limits or Throttling in GitLab
CVE-2025-5996
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.
Affected products
2cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 2.10
- (no CPE)range: >=2.1.0, <17.10.8, >=17.11, <17.11.4, >=18.0, <18.0.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- gitlab.com/gitlab-org/gitlab/-/issues/476671mitreissue-trackingpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/479167mitreissue-trackingpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/483111mitreissue-trackingpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/483150mitreissue-trackingpermissions-required
- gitlab.com/gitlab-org/gitlab/-/issues/498649mitreissue-trackingpermissions-required
News mentions
1- GitLab Patch Release: 18.0.2, 17.11.4, 17.10.8GitLab Security Releases · Jun 11, 2025