CVE-2025-10004 — Vulnetix

CVE-2025-10004 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs.

EPSS 0.05% · 15.9th percentile

Risk Scores

EPSS Score

0.05%

15.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	13.12.0, 18.3.0, 18.4.0
Bitnami	gitlab	18.4.0, 13.12.0, 18.3.0

Timeline

Jan 21, 1970 Security Advisory
Oct 9, 2025 CVE Published
Oct 9, 2025 Coalition ESS Score
Oct 9, 2025 Coalition ESS Score
Oct 10, 2025 EPSS Score
Oct 10, 2025 Coalition ESS Score
Oct 15, 2025 Coalition ESS Score
Oct 16, 2025 EPSS Score
Oct 22, 2025 EPSS Score
Oct 29, 2025 EPSS Score
Oct 31, 2025 Coalition ESS Score
Nov 4, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/568121 url
https://hackerone.com/reports/3026555 url
https://nvd.nist.gov/vuln/detail/CVE-2025-10004 url

Open in Interactive Console →