HIGHCVE-2025-14870CVSS 7.5

CVE-2025-14870: DoS in GitLab

Plattform

gitlab

Komponente

gitlab

Behoben in

18.11.3

Auf NVD ansehen

Speichern

CVE-2025-14870 describes a denial-of-service (DoS) vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an unauthenticated user to trigger a denial of service by exploiting insufficient input validation when sending specially crafted JSON payloads. The vulnerability impacts versions 18.5.0 through 18.11.3, and a fix is available in version 18.11.3.

Auswirkungen und Angriffsszenarien

Successful exploitation of CVE-2025-14870 can lead to a denial of service, rendering GitLab unavailable to legitimate users. An attacker could repeatedly send malicious JSON payloads, overwhelming GitLab's resources and causing it to become unresponsive. This disruption can impact critical development workflows, CI/CD pipelines, and overall system availability. The lack of authentication required for exploitation significantly broadens the potential attack surface, as any external user can attempt to trigger the DoS. While the vulnerability doesn't directly expose sensitive data, prolonged downtime can indirectly impact data access and processing.

Ausnutzungskontext

CVE-2025-14870 was published on 2026-05-14. Its severity is rated as HIGH with a CVSS score of 7.5. Public proof-of-concept (POC) code is not currently available, but the ease of exploitation (unauthenticated access) suggests a potential for widespread scanning and exploitation. The vulnerability is not currently listed on KEV or EPSS, indicating a low to medium probability of active exploitation at this time. Refer to the official GitLab advisory for further details.

Bedrohungsanalyse

Exploit-Status

Proof of ConceptUnbekannt

CISA KEVNO

Internet-ExponierungHoch

CISA SSVC

Ausnutzungnone

Automatisierbaryes

Technische Auswirkungpartial

CVSS-Vektor

Was bedeuten diese Metriken?

Attack Vector: Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
Attack Complexity: Niedrig — keine besonderen Bedingungen erforderlich. Zuverlässig ausnutzbar.
Privileges Required: Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
User Interaction: Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
Scope: Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
Confidentiality: Keine — kein Vertraulichkeitseinfluss.
Integrity: Keine — kein Integritätseinfluss.
Availability: Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.

Betroffene Software

Komponentegitlab

HerstellerGitLab

Mindestversion18.5.0

Höchstversion18.11.3

Behoben in18.11.3

Schwachstellen-Klassifikation (CWE)

CWE-770

Zeitleiste

Reserviert2025-12-18
Veröffentlicht2026-05-14

Mitigation und Workarounds

The primary mitigation for CVE-2025-14870 is to upgrade GitLab to version 18.11.3 or later. If immediate upgrading is not feasible, consider implementing temporary workarounds such as rate limiting incoming requests to GitLab. Web Application Firewalls (WAFs) configured to detect and block malformed JSON payloads can also provide a layer of protection. Monitor GitLab logs for unusual activity or error patterns that might indicate exploitation attempts. After upgrading, confirm the fix by attempting to send a crafted JSON payload (as described in the GitLab advisory) and verifying that it no longer triggers a DoS.

So behebenwird übersetzt…

Actualice GitLab a la versión 18.9.7 o posterior, 18.10.6 o posterior, o 18.11.3 o posterior para mitigar la vulnerabilidad. Esta actualización aborda la falta de validación de entrada que permitía a usuarios no autenticados causar una denegación de servicio a través de payloads JSON maliciosos.

Häufig gestellte Fragen

What is CVE-2025-14870 — DoS in GitLab?

CVE-2025-14870 is a denial-of-service vulnerability in GitLab CE/EE allowing unauthenticated users to cause service disruption via crafted JSON payloads. It affects versions 18.5.0–18.11.3.

Am I affected by CVE-2025-14870 in GitLab?

You are affected if you are running GitLab CE/EE versions 18.5.0 through 18.11.3. Upgrade to 18.11.3 or later to mitigate the risk.

How do I fix CVE-2025-14870 in GitLab?

The recommended fix is to upgrade GitLab to version 18.11.3 or a later version. Temporary workarounds include rate limiting and WAF configuration.

Is CVE-2025-14870 being actively exploited?

While no active exploitation has been publicly confirmed, the vulnerability's ease of exploitation suggests a potential for scanning and attacks. Monitor your GitLab instance closely.

Where can I find the official GitLab advisory for CVE-2025-14870?

Refer to the official GitLab security advisory for detailed information and mitigation guidance: [https://gitlab.com/security/advisories/CVE-2025-14870](https://gitlab.com/security/advisories/CVE-2025-14870)

Ist dein Projekt betroffen?

Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.

Kostenlos scannen CVEs suchen

liveKostenloser Scan

Jetzt testen — kein Konto

Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.

Manueller ScanSlack/E-Mail-AlertsKontinuierliche ÜberwachungWhite-Label-Berichte

Abhängigkeitsdatei hier ablegen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Dateien durchsuchen