此页面尚未翻译为您的语言。我们正在努力翻译,目前显示英文内容。
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2025-14869 describes a denial-of-service vulnerability discovered in GitLab Community Edition (CE) and Enterprise Edition (EE). This flaw allows an unauthenticated user to trigger a DoS condition by exploiting specific API endpoints with specially crafted payloads. The vulnerability impacts versions 18.5.0 through 18.11.3 and is resolved in version 18.11.3.
影响与攻击场景翻译中…
Successful exploitation of CVE-2025-14869 can lead to a denial-of-service condition, rendering affected GitLab instances unavailable to legitimate users. An attacker could repeatedly send malicious payloads, overwhelming the server's resources and causing it to crash or become unresponsive. The impact extends beyond simple service disruption; prolonged DoS attacks can hinder critical development workflows, impact CI/CD pipelines, and potentially lead to data loss if recovery is delayed. While the vulnerability requires no authentication, the attacker needs to be able to reach the targeted API endpoints, which might be restricted by firewalls or network configurations.
利用背景翻译中…
CVE-2025-14869 was published on 2026-05-14. The vulnerability's impact is considered high due to the potential for widespread service disruption. No public exploits or active campaigns have been reported at the time of writing. The vulnerability is not currently listed on KEV or EPSS, suggesting a low probability of immediate exploitation, but proactive patching is still recommended.
威胁情报
漏洞利用状态
CVSS 向量
这些指标意味着什么?
- Attack Vector
- 网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
- Attack Complexity
- 低 — 无需特殊条件,可以稳定地利用漏洞。
- Privileges Required
- 无 — 无需认证,无需凭证即可利用。
- User Interaction
- 无 — 攻击自动且无声,受害者无需任何操作。
- Scope
- 未改变 — 影响仅限于脆弱组件本身。
- Confidentiality
- 无 — 无机密性影响。
- Integrity
- 无 — 无完整性影响。
- Availability
- 高 — 完全崩溃或资源耗尽,完全拒绝服务。
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2025-14869 is to upgrade GitLab to version 18.11.3 or later. If immediate upgrading is not feasible, consider implementing rate limiting on the affected API endpoints to restrict the number of requests from a single source within a given timeframe. Web Application Firewalls (WAFs) configured to detect and block malicious payloads targeting API endpoints can also provide a temporary layer of protection. Review GitLab's network configuration to ensure only authorized traffic can access the API endpoints.
修复方法翻译中…
Actualice GitLab a la versión 18.9.7 o superior, 18.10.6 o superior, o 18.11.3 o superior para mitigar la vulnerabilidad. Esta actualización corrige una falla de validación de cantidad en ciertos puntos finales de la API que podría permitir a un usuario no autenticado causar una denegación de servicio.
常见问题翻译中…
What is CVE-2025-14869 — DoS in GitLab?
CVE-2025-14869 is a denial-of-service vulnerability in GitLab CE/EE allowing unauthenticated users to disrupt service by sending crafted payloads to specific API endpoints. It affects versions 18.5.0–18.11.3 and is rated HIGH severity.
Am I affected by CVE-2025-14869 in GitLab?
You are affected if you are running GitLab CE/EE versions 18.5.0 through 18.11.3. Upgrade to 18.11.3 or later to mitigate the risk.
How do I fix CVE-2025-14869 in GitLab?
The recommended fix is to upgrade GitLab to version 18.11.3 or a later version. As a temporary workaround, implement rate limiting on affected API endpoints.
Is CVE-2025-14869 being actively exploited?
Currently, there are no reports of CVE-2025-14869 being actively exploited, but proactive patching is still recommended to prevent potential future attacks.
Where can I find the official GitLab advisory for CVE-2025-14869?
Refer to the official GitLab security advisory for CVE-2025-14869 on the GitLab website: [https://gitlab.com/security/advisories/](https://gitlab.com/security/advisories/)
立即试用 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...