CVE-2025-12576

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/	Release Notes Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/work_items/579170	Broken Link
https://hackerone.com/reports/3395198	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

History

18 Mar 2026, 13:35

Type	Values Removed	Values Added
First Time		Gitlab Gitlab gitlab
References	~~() https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/ -~~	() https://about.gitlab.com/releases/2026/03/11/patch-release-gitlab-18-9-2-released/ - Release Notes, Vendor Advisory
References	~~() https://gitlab.com/gitlab-org/gitlab/-/work_items/579170 -~~	() https://gitlab.com/gitlab-org/gitlab/-/work_items/579170 - Broken Link
References	~~() https://hackerone.com/reports/3395198 -~~	() https://hackerone.com/reports/3395198 - Permissions Required
Summary		(es) GitLab ha remediado un problema en GitLab CE/EE que afecta a todas las versiones desde la 9.3 anterior a la 18.7.6, la 18.8 anterior a la 18.8.6, y la 18.9 anterior a la 18.9.2 que bajo ciertas condiciones podría haber permitido a un usuario autenticado causar una denegación de servicio debido a un manejo inadecuado de los datos de respuesta de los webhooks.
CPE		cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*

11 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 16:16

Updated : 2026-03-18 13:35

NVD link : CVE-2025-12576

Mitre link : CVE-2025-12576

CVE.ORG link : CVE-2025-12576

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

6.5 /10