CVE-2025-8014 — Vulnetix

CVE-2025-8014 PUBLISHED

Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.

EPSS 0.16% · 36.9th percentile

Risk Scores

EPSS Score

0.16%

36.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	gitlab	11.10.0, 18.3.0, 18.4.0
Bitnami	gitlab	18.3.0, 18.4.0, 11.10.0

Exploit Intelligence

https://hackerone.com/reports/3228134 (bitnami)

Timeline

Sep 26, 2025 CVE Published
Sep 28, 2025 EPSS Score
Oct 1, 2025 CVE Updated
Oct 5, 2025 EPSS Score
Oct 11, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Oct 31, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 21, 2025 EPSS Score
Nov 27, 2025 EPSS Score

References

https://gitlab.com/gitlab-org/gitlab/-/issues/556838 url
https://hackerone.com/reports/3228134 url
https://nvd.nist.gov/vuln/detail/CVE-2025-8014 url

Open in Interactive Console →