CVE-2025-2934 — Vulnetix

CVE-2025-2934 PUBLISHED

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses.

EPSS 0.09% · 25.7th percentile

Risk Scores

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	5.2.0, 18.4.0, 18.3.0
Bitnami	gitlab	18.3.0, 18.4.0, 5.2.0

Timeline

Oct 9, 2025 CVE Published
Oct 9, 2025 EPSS Score
Oct 9, 2025 Coalition ESS Score
Oct 10, 2025 Coalition ESS Score
Oct 15, 2025 EPSS Score
Oct 15, 2025 Coalition ESS Score
Oct 22, 2025 EPSS Score
Oct 28, 2025 EPSS Score
Nov 1, 2025 Coalition ESS Score
Nov 3, 2025 EPSS Score
Nov 8, 2025 Coalition ESS Score
Nov 9, 2025 EPSS Score

References

https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/ url
https://gitlab.com/gitlab-org/gitlab/-/issues/528979 url
https://hackerone.com/reports/3058791 url
https://nvd.nist.gov/vuln/detail/CVE-2025-2934 url

Open in Interactive Console →