CVE-2025-8014

Published Sep 27, 2025

Last updated 7 months ago

CVSS high 7.5
graphql

Overview

Description
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.
Source
cve@gitlab.com
NVD status
Analyzed
Products
gitlab

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

cve@gitlab.com
CWE-770

Social media

Hype score
Not currently trending

  1. ⚠️Vulnerabilidades corregidas en GitLab ❗CVE-2025-10858 ❗CVE-2025-8014 ➡️Más info: https://t.co/bpGfFQ9iwO https://t.co/r7Y8O87TpU

    @CERTpy

    30 Sept 2025

    145 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. GitLab GraphQL DoS: Patch Now A new DoS vuln (CVE-2025-8014) in GitLab's GraphQL API can take your service offline fast. Update to the latest version to stay safe. For more details, read ZeroPath's blog on this vuln. #AppSec #GitLab #InfoSec https://t.co/ppHQEme62P

    @ZeroPathLabs

    27 Sept 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-8014 Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows un… https://t.co/8VWBwuNjlY

    @CVEnew

    27 Sept 2025

    449 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection.CVE-2026-4922
  2. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or incorrectly scoped credentials to access Virtual Registries under certain conditions.CVE-2026-6515
  3. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an unauthenticated user to access tokens in the Storybook development environment due to improper input validation.CVE-2026-5262
  4. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in public projects due to improper access control in the issue description rendering process.CVE-2026-5377
  5. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions.CVE-2026-5816

References

Sources include official advisories and independent security research.