CVE-2025-10497 — Vulnetix

CVE-2025-10497 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.

EPSS 0.08% · 23.8th percentile

Risk Scores

EPSS Score

0.08%

23.8th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	17.10.0, 18.4.0, 18.5.0
Bitnami	gitlab	17.10.0, 18.4.0, 18.5.0

Timeline

Jan 21, 1970 Security Advisory
Oct 22, 2025 CVE Published
Oct 27, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score
Oct 27, 2025 Coalition ESS Score
Oct 28, 2025 Coalition ESS Score
Oct 28, 2025 PoC Published
Oct 29, 2025 Coalition ESS Score
Nov 1, 2025 Coalition ESS Score
Nov 2, 2025 EPSS Score
Nov 3, 2025 Coalition ESS Score
Nov 7, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/570336 url
https://hackerone.com/reports/3338151 url
https://nvd.nist.gov/vuln/detail/CVE-2025-10497 url

Open in Interactive Console →