CVE-2025-11447 — Vulnetix

CVE-2025-11447 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.

EPSS 0.08% · 22.6th percentile

Risk Scores

EPSS Score

0.08%

22.6th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	11.0.0, 18.4.0, 18.5.0
Bitnami	gitlab	11.0.0, 18.4.0, 18.5.0

Timeline

Jan 21, 1970 Security Advisory
Oct 22, 2025 CVE Published
Oct 27, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score
Oct 31, 2025 Coalition ESS Score
Nov 2, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 12, 2025 Coalition ESS Score
Nov 13, 2025 EPSS Score
Nov 17, 2025 Coalition ESS Score
Nov 19, 2025 EPSS Score
Nov 24, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/574858 url
https://hackerone.com/reports/3367019 url
https://nvd.nist.gov/vuln/detail/CVE-2025-11447 url

Open in Interactive Console →