CVE-2025-1477

HIGH EPSS 33.9%

Published Aug 13, 202510mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Aug 13, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

33.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-770

Affected Products 6

Vendor	Product	Version	Range
gitlab	gitlab	*	≥8.1.4 – <18.0.6
gitlab	gitlab	*	≥8.1.4 – <18.0.6
gitlab	gitlab	*	≥18.1.0 – <18.1.4
gitlab	gitlab	*	≥18.1.0 – <18.1.4
gitlab	gitlab	*	≥18.2.0 – <18.2.2
gitlab	gitlab	*	≥18.2.0 – <18.2.2

References 2

gitlab.com https://gitlab.com/gitlab-org/gitlab/-/issues/520353

Broken Link
hackerone.com https://hackerone.com/reports/2987614

Permissions Required

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.