Scanner gratuitement

Cette page n'a pas encore été traduite dans votre langue. Affichage du contenu en anglais pendant que nous y travaillons.

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

HIGHCVE-2025-14869CVSS 7.5

CVE-2025-14869: DoS in GitLab

Plateforme

gitlab

Composant

gitlab

Corrigé dans

18.11.3

Voir sur NVD
Sauvegarder
Traduction vers votre langue…

CVE-2025-14869 describes a denial-of-service vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an unauthenticated user to trigger a DoS condition by exploiting specific API endpoints with specially crafted payloads. The vulnerability impacts versions 18.5.0 through 18.11.3 and is resolved in version 18.11.3.

Impact et Scénarios d'Attaquetraduction en cours…

Successful exploitation of CVE-2025-14869 can lead to a denial-of-service condition, rendering affected GitLab instances unavailable to legitimate users. An attacker could repeatedly send malicious payloads, overwhelming the server's resources and causing it to crash or become unresponsive. The impact extends beyond simple service disruption; prolonged DoS attacks can hinder critical development workflows, impact CI/CD pipelines, and potentially lead to data loss if recovery is delayed. While the vulnerability requires no authentication, the attacker needs to be able to reach the targeted API endpoints, which might be restricted by firewalls or network configurations.

Contexte d'Exploitationtraduction en cours…

CVE-2025-14869 was published on 2026-05-14. The vulnerability's impact is considered high due to the potential for widespread service disruption. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV or EPSS, suggesting a low probability of immediate exploitation, but proactive patching is still recommended.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu
CISA KEVNO
Exposition InternetÉlevée

Vecteur CVSS

RENSEIGNEMENT SUR LES MENACES· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H7.5HIGHAttack VectorNetworkComment l'attaquant atteint la cibleAttack ComplexityLowConditions requises pour exploiterPrivileges RequiredNoneNiveau d'authentification requisUser InteractionNoneSi une action de la victime est requiseScopeUnchangedImpact au-delà du composant affectéConfidentialityNoneRisque d'exposition de données sensiblesIntegrityNoneRisque de modification non autorisée de donnéesAvailabilityHighRisque d'interruption de servicenextguardhq.com · Score de base CVSS v3.1
Que signifient ces métriques?
Attack Vector
Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity
Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required
Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction
Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope
Inchangé — impact limité au composant vulnérable.
Confidentiality
Aucun — aucun impact sur la confidentialité.
Integrity
Aucun — aucun impact sur l'intégrité.
Availability
Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantgitlab
FournisseurGitLab
Version minimale18.5.0
Version maximale18.11.3
Corrigé dans18.11.3

Classification de Faiblesse (CWE)

CWE-1284

Chronologie

  1. Réservé
  2. Publiée

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2025-14869 is to upgrade GitLab to version 18.11.3 or later. If immediate upgrading is not feasible, consider implementing rate limiting on the affected API endpoints to restrict the number of requests from a single source within a given timeframe. Web Application Firewalls (WAFs) configured to detect and block malicious payloads targeting API endpoints can also provide a temporary layer of protection. Review GitLab's network configuration to ensure only authorized traffic can access the API endpoints.

Comment corrigertraduction en cours…

Actualice GitLab a la versión 18.9.7 o superior, 18.10.6 o superior, o 18.11.3 o superior para mitigar la vulnerabilidad. Esta actualización corrige una falla de validación de cantidad en ciertos puntos finales de la API que podría permitir a un usuario no autenticado causar una denegación de servicio.

Questions fréquentestraduction en cours…

What is CVE-2025-14869 — DoS in GitLab?

CVE-2025-14869 is a denial-of-service vulnerability in GitLab CE/EE allowing unauthenticated users to disrupt service by sending crafted payloads to specific API endpoints. It affects versions 18.5.0–18.11.3 and is rated HIGH severity.

Am I affected by CVE-2025-14869 in GitLab?

You are affected if you are running GitLab CE/EE versions 18.5.0 through 18.11.3. Upgrade to 18.11.3 or later to mitigate the risk.

How do I fix CVE-2025-14869 in GitLab?

The recommended fix is to upgrade GitLab to version 18.11.3 or a later version. As a temporary workaround, implement rate limiting on affected API endpoints.

Is CVE-2025-14869 being actively exploited?

Currently, there are no reports of CVE-2025-14869 being actively exploited, but proactive patching is still recommended to prevent potential future attacks.

Where can I find the official GitLab advisory for CVE-2025-14869?

Refer to the official GitLab security advisory for CVE-2025-14869 on the GitLab website: [https://gitlab.com/security/advisories/](https://gitlab.com/security/advisories/)

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitementRechercher des CVE
en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...