CVE-2025-3601 MEDIUM

CVE-2025-3601: Allocation of Resources Without Limits or Throttling in GitLab

Vendor Gitlab
Product GitLab
Weakness CWE-770 · Uncontrolled resource consumption
Published August 27, 2025
Last update August 27, 2025
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to cause a Denial of Service (DoS) condition by submitting URLs that generate excessively large responses.

Key dates

02Disclosure timeline

August 27, 2025 CVE published
August 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-6176 Port scanning vulnerability in LG SuperSign CMS CVE-2023-28428 PDFio vulnerable to Denial Of Service when opening a corrupt PDF file CVE-2022-3364 No limit in length of "Fullname" parameter results in DOS attack /memory corruption in ikus060/rdiffweb prior to 2.5.0a3 in ikus060/rdiffweb CVE-2025-31990 HCL DevOps Velocity is susceptible to a Denial of Service vulnerability CVE-2023-22740 Discourse vulnerable to Allocation of Resources Without Limits via Chat drafts