CVE-2025-11974 — Vulnetix

CVE-2025-11974 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.

EPSS 0.07% · 22.1th percentile

Risk Scores

EPSS Score

0.07%

22.1th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	18.4.0, 18.5.0, 11.7.0
Bitnami	gitlab	18.5.0, 11.7.0, 18.4.0

Timeline

Jan 21, 1970 Security Advisory
Oct 22, 2025 CVE Published
Oct 27, 2025 EPSS Score
Oct 27, 2025 Coalition ESS Score
Oct 27, 2025 Coalition ESS Score
Oct 28, 2025 Coalition ESS Score
Oct 29, 2025 Coalition ESS Score
Nov 1, 2025 Coalition ESS Score
Nov 2, 2025 EPSS Score
Nov 3, 2025 Coalition ESS Score
Nov 7, 2025 EPSS Score
Nov 13, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/571761 url
https://nvd.nist.gov/vuln/detail/CVE-2025-11974 url

Open in Interactive Console →