CVE-2025-3601

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/536034	Broken Link
https://hackerone.com/reports/3050155	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:18.3.0::::community:::
	cpe:2.3:a:gitlab:gitlab:18.3.0::::enterprise:::

History

02 Sep 2025, 17:49

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/536034 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/536034 - Broken Link
References	~~() https://hackerone.com/reports/3050155 -~~	() https://hackerone.com/reports/3050155 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:18.3.0::::community::: cpe:2.3:a:gitlab:gitlab:18.3.0::::enterprise:::
First Time		Gitlab gitlab Gitlab

29 Aug 2025, 16:24

Type	Values Removed	Values Added
Summary		(es) Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 8.15 hasta la 18.1.5, la 18.2 hasta la 18.2.5 y la 18.3 hasta la 18.3.1 que podría haber permitido que un usuario autenticado provocara una condición de denegación de servicio (DoS) al enviar URL que generan respuestas excesivamente grandes.

27 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-27 20:15

Updated : 2025-09-02 17:49

NVD link : CVE-2025-3601

Mitre link : CVE-2025-3601

CVE.ORG link : CVE-2025-3601

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-3601", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-08-27T20:15:32.123", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/536034", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/3050155", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones desde la 8.15 hasta la 18.1.5, la 18.2 hasta la 18.2.5 y la 18.3 hasta la 18.3.1 que podr\u00eda haber permitido que un usuario autenticado provocara una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al enviar URL que generan respuestas excesivamente grandes."}], "lastModified": "2025-09-02T17:49:04.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "53B03500-CCAE-4A0F-B3B0-73F449C5E382", "versionEndExcluding": "18.1.5", "versionStartIncluding": "8.15.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "38CEAF45-3E99-4235-9D39-445ABFCB6414", "versionEndExcluding": "18.1.5", "versionStartIncluding": "8.15.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "7D318F06-A01A-4C04-A5CE-00347F7201C9", "versionEndExcluding": "18.2.5", "versionStartIncluding": "18.2.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "450C862F-1130-40E3-9A99-F04001558803", "versionEndExcluding": "18.2.5", "versionStartIncluding": "18.2.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.3.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "079AC183-AA7D-47D4-BE44-55A04C85426F"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.3.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5BA9E943-C8C4-4181-A0BF-5DADFE88413D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}