Platform: gitlab
Component: gitlab
Fixed in: 18.8.9, 18.9.5, 18.10.3
CVE-2025-12664 affects GitLab CE/EE versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3. The vulnerability allows an unauthenticated user to trigger a denial-of-service (DoS) condition by sending a large number of repeated GraphQL queries. This can overwhelm the GitLab server and make it unavailable to legitimate users. The issue is resolved in versions 18.8.9, 18.9.5, and 18.10.3.
The primary impact of CVE-2025-12664 is a denial-of-service condition. An attacker can repeatedly send GraphQL queries to GitLab, consuming server resources and potentially causing the GitLab instance to become unresponsive. This can disrupt development workflows, prevent users from accessing the repository, and impact critical business operations. The severity is amplified if the GitLab instance is used for mission-critical applications or by a large number of users. The vulnerability highlights the importance of rate limiting and input validation in GraphQL APIs.
Exploitation context for CVE-2025-12664 is currently unclear: no public exploit is known, but the vulnerability requires no authentication and nothing more than repeated requests, so it is relatively easy to exploit. The CVSS score is 7.5 (HIGH), indicating a significant level of severity. The entry was published by NVD on 2026-04-08. GitLab has acknowledged the issue and released patched versions.
Organizations heavily reliant on GitLab for source code management, CI/CD, and collaboration are at significant risk. Specifically, deployments with limited rate limiting or WAF protection are more vulnerable. Shared hosting environments where multiple users share the same GitLab instance are also at increased risk due to the potential for one user to impact all others.
• gitlab: Examine GitLab access logs for a high volume of GraphQL requests originating from a single IP address or user. In production.log each request opens a line of the form Started POST "/api/graphql" for <client-ip> at <time>, so the client IP is the fifth whitespace-separated field:
grep 'Started POST "/api/graphql"' /var/log/gitlab/gitlab-rails/production.log | awk '{print $5}' | sort | uniq -c | sort -nr | head -10
• linux / server: Monitor system resource utilization (CPU, memory) on the GitLab server. A sudden spike in resource usage could indicate a DoS attack. On an Omnibus install the Rails (puma) and Sidekiq processes run as the git user, so filter on that user rather than on the string "gitlab":
top -b -n 1 -u git | head -20
• generic web: Use curl to test the GitLab GraphQL endpoint and observe response times. Unusually slow responses may indicate an ongoing attack. The endpoint expects a POST with a JSON body; "{ __typename }" is a minimal query that needs no authentication:
curl -s -o /dev/null -w 'HTTP %{http_code}, response time: %{time_total}s\n' -X POST -H 'Content-Type: application/json' -d '{"query":"{ __typename }"}' 'https://<gitlab_url>/api/graphql'
Disclosure
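The log check above counts requests per IP over the whole file; a per-IP sliding window is what actually separates a burst from a busy but normal client. The following script is an added example, not code from this page or from GitLab. It reads lines in the shape of GitLab's production_json.log (field names remote_ip, path, method, status, time and duration_s as GitLab writes them); the sample lines embedded in it are constructed, with invented IPs, timestamps and durations, and the 60-second window and 100-request threshold are illustrative values to tune for your instance.

```python
"""Flag clients that hammer /api/graphql, using a per-IP sliding window.
Added example; not part of the advisory page or of GitLab. Reads JSON lines in
the shape of /var/log/gitlab/gitlab-rails/production_json.log (one request per line)."""
import json
import sys
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

GRAPHQL_PATH = "/api/graphql"
TIME_FMT = "%Y-%m-%dT%H:%M:%S.%fZ"  # GitLab logs UTC; %f accepts 3 or 6 fraction digits


def build_sample_log():
    """Constructed sample lines (invented IPs, times, durations) in production_json.log shape."""
    t0 = datetime(2026, 4, 8, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, path, ms, dur, method="POST"):
        ts = (t0 + timedelta(milliseconds=ms)).strftime(TIME_FMT)
        return json.dumps({"method": method, "path": path, "status": 200,
                           "time": ts, "remote_ip": ip, "duration_s": dur})

    lines = [line("203.0.113.7", GRAPHQL_PATH, 200 * i, 0.35) for i in range(150)]  # 150 queries in 30 s
    lines += [line("198.51.100.5", GRAPHQL_PATH, 10_000 * i, 0.12) for i in range(3)]  # an ordinary user
    lines.append(line("198.51.100.5", "/api/v4/projects", 5_000, 0.05, method="GET"))  # not GraphQL
    lines.append('{"method":"POST","path":"/api/graphql","remote_ip":"203.0')  # torn line from a live tail
    return lines


def parse_events(lines):
    """Yield (timestamp, ip, status, duration_s) for GraphQL requests; skip torn or unrelated lines."""
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if not isinstance(rec, dict) or rec.get("path") != GRAPHQL_PATH:
            continue
        ts = datetime.strptime(rec["time"], TIME_FMT).replace(tzinfo=timezone.utc)
        yield ts, rec.get("remote_ip", "?"), rec.get("status"), float(rec.get("duration_s", 0))


def find_offenders(lines, window_s=60, threshold=100):
    """Return {ip: peak} for each IP whose GraphQL request count within any window_s
    seconds reaches threshold. peak is the highest count seen in a single window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the current window
    peak = defaultdict(int)
    for ts, ip, _status, _dur in sorted(parse_events(lines), key=lambda e: e[0]):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    # usage: python3 graphql_burst.py [/var/log/gitlab/gitlab-rails/production_json.log]
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            offenders = find_offenders(fh)
    else:
        offenders = find_offenders(build_sample_log())
    for ip, n in sorted(offenders.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {n} GraphQL requests within a 60 s window")
```

Run without arguments it evaluates the constructed sample and reports only 203.0.113.7; given the real log path it streams the file line by line. Sorting by timestamp first matters when several Rails workers interleave their writes, and the torn-line skip keeps a tail of a live log from aborting the scan.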
Exploit status:
EPSS: 0.05% (16th percentile)
CISA SSVC:
CVSS vector:
The recommended mitigation for CVE-2025-12664 is to upgrade GitLab CE/EE to version 18.8.9, 18.9.5, or 18.10.3 or later on the respective release branch. Until the upgrade is done, enforce rate limiting on GraphQL requests (GitLab's own user and IP rate-limit settings, or the reverse proxy in front of it), configure a Web Application Firewall (WAF) to detect and block abusive GraphQL request patterns, and monitor GitLab server resource utilization (CPU, memory, network) for signs of a DoS attack. After upgrading, verify the fix by sending a large number of GraphQL queries as an unauthenticated user and confirming that the server remains responsive; do this against a staging instance or inside a maintenance window you control, and treat 429 responses during the test as the rate limit working rather than as a failure.
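The verification step just described, as an added example that is not code from this page or from GitLab: a small Python script that POSTs the trivial query "{ __typename }" (an assumption for a minimal request that needs no authentication) many times with bounded concurrency and summarises status codes and latency. The URL, request count, concurrency and the 2-second p95 limit are assumptions to adjust; run it only against an instance you are authorised to load-test.

```python
"""Post-upgrade responsiveness check for the GitLab GraphQL endpoint.
Added example; not part of the advisory page or of GitLab. Run only against an
instance you are authorised to load-test (staging or a maintenance window)."""
import json
import sys
import time
from concurrent.futures import ThreadPoolExecutor
from urllib import error, request

QUERY = json.dumps({"query": "{ __typename }"}).encode()  # smallest valid GraphQL document


def one_request(url, timeout=10.0):
    """POST the trivial query once; return (http_status, latency_s), status 0 if no answer came back."""
    req = request.Request(url, data=QUERY, method="POST",
                          headers={"Content-Type": "application/json"})
    start = time.monotonic()
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
    except error.HTTPError as exc:      # 4xx/5xx is still an answer from the server
        status = exc.code
    except (error.URLError, OSError):   # refused, reset, timed out: the server did not answer
        status = 0
    return status, time.monotonic() - start


def summarize(results, slow_s=2.0):
    """Reduce [(status, latency_s), ...] to counts and latency percentiles.
    healthy: every request was answered (no transport failure, no 5xx) and p95 latency < slow_s."""
    n = len(results)
    if n == 0:
        return {"requests": 0, "healthy": False}
    latencies = sorted(lat for _, lat in results)

    def pct(p):  # nearest-rank percentile over the sorted latencies
        return latencies[min(n - 1, int(p * (n - 1)))]

    failed = sum(1 for s, _ in results if s == 0 or s >= 500)
    report = {
        "requests": n,
        "ok": sum(1 for s, _ in results if s == 200),
        "rate_limited": sum(1 for s, _ in results if s == 429),  # throttling doing its job
        "failed": failed,
        "p50_s": round(pct(0.5), 3),
        "p95_s": round(pct(0.95), 3),
        "max_s": round(latencies[-1], 3),
    }
    report["healthy"] = failed == 0 and report["p95_s"] < slow_s
    return report


def run(url, total=200, concurrency=20):
    """Fire total requests with at most concurrency in flight and summarise the outcome."""
    with ThreadPoolExecutor(max_workers=concurrency) as pool:
        results = list(pool.map(lambda _: one_request(url), range(total)))
    return summarize(results)


if __name__ == "__main__":
    # usage: python3 graphql_smoke.py https://gitlab.example.com/api/graphql [total] [concurrency]
    if len(sys.argv) < 2:
        sys.exit("usage: graphql_smoke.py <graphql-url> [total] [concurrency]")
    extra = [int(a) for a in sys.argv[2:4]]
    print(json.dumps(run(sys.argv[1], *extra), indent=2))
```

The report separates three outcomes a plain "did it stay up" check conflates: 200s (served), 429s (the rate limit absorbed the burst, which is the desired state on an unpatched but mitigated instance) and failures (no answer or 5xx, which is what the vulnerability produces). Only the last, or a p95 above the limit, marks the run unhealthy.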
Update GitLab to version 18.8.9 or later, 18.9.5 or later, or 18.10.3 or later to mitigate the vulnerability. This update corrects an improper validation of a quantity specified in the input that could allow an unauthenticated user to cause a denial of service by sending repeated GraphQL queries.
CVE-2025-12664 is a denial-of-service vulnerability in GitLab allowing unauthenticated users to cause service disruption via repeated GraphQL queries.
You are affected if you run GitLab CE/EE 13.0 or later on a release that predates the fix for its branch: any version from 13.0 up to and before 18.8.9, 18.9.x before 18.9.5, or 18.10.x before 18.10.3. Upgrade to the fixed release of your branch (18.8.9, 18.9.5 or 18.10.3) or later to mitigate the risk.
The primary fix is to upgrade GitLab to 18.8.9, 18.9.5 or 18.10.3, or later. Temporary workarounds include rate limiting and WAF configuration.
There is currently no public evidence of active exploitation, but the low effort required (no authentication, only repeated requests) means the risk is real.
Refer to the official GitLab security advisory for CVE-2025-12664: [https://gitlab.com/security/security-advisories/CVE-2025-12664](https://gitlab.com/security/security-advisories/CVE-2025-12664)