CVE-2025-1477

Medium CVSS 6.5

Overview

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.

CWE: CWE-770 Published: 2025-08-13T18:15:28.903

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.5 (MEDIUM)
Detected tags: dos, unauth_access (tag impact: HIGH)

Recommended actions:

Rate limiting, resource quotas and circuit breakers.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags