CVE-2025-1478

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/gitlab-org/gitlab/-/issues/520354	Broken Link
https://hackerone.com/reports/2987444	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:18.0.0::::community:::
	cpe:2.3:a:gitlab:gitlab:18.0.0::::enterprise:::

History

08 Aug 2025, 18:30

Type	Values Removed	Values Added
References	~~() https://gitlab.com/gitlab-org/gitlab/-/issues/520354 -~~	() https://gitlab.com/gitlab-org/gitlab/-/issues/520354 - Broken Link
References	~~() https://hackerone.com/reports/2987444 -~~	() https://hackerone.com/reports/2987444 - Permissions Required
CPE		cpe:2.3:a:gitlab:gitlab:::::community:::* cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:18.0.0::::community::: cpe:2.3:a:gitlab:gitlab:18.0.0::::enterprise:::
Summary		(es) Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones (desde la 8.13 hasta la 17.10.7), la 17.11 hasta la 17.11.3 y la 18.0 hasta la 18.0.1. La falta de validación de entrada en los nombres de los foros podría utilizarse para desencadenar una denegación de servicio.
First Time		Gitlab Gitlab gitlab

12 Jun 2025, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-12 10:16

Updated : 2025-08-08 18:30

NVD link : CVE-2025-1478

Mitre link : CVE-2025-1478

CVE.ORG link : CVE-2025-1478

JSON object : View

Products Affected

gitlab

gitlab

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2025-1478", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@gitlab.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-12T10:16:28.033", "references": [{"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/520354", "tags": ["Broken Link"], "source": "cve@gitlab.com"}, {"url": "https://hackerone.com/reports/2987444", "tags": ["Permissions Required"], "source": "cve@gitlab.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cve@gitlab.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service."}, {"lang": "es", "value": "Se ha descubierto un problema en GitLab CE/EE que afecta a todas las versiones (desde la 8.13 hasta la 17.10.7), la 17.11 hasta la 17.11.3 y la 18.0 hasta la 18.0.1. La falta de validaci\u00f3n de entrada en los nombres de los foros podr\u00eda utilizarse para desencadenar una denegaci\u00f3n de servicio."}], "lastModified": "2025-08-08T18:30:27.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "FF75FCAB-85C6-4136-A0FE-B1431C44FCE7", "versionEndExcluding": "17.10.7", "versionStartIncluding": "8.13.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "486EB975-2DD8-41E5-AE6C-B7D2C6008374", "versionEndExcluding": "17.10.7", "versionStartIncluding": "8.13.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "194F7832-AEB6-4CD4-8CA8-81D8BF1666C9", "versionEndExcluding": "17.11.3", "versionStartIncluding": "17.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "85308EBB-8AB6-4344-9944-D124878DA138", "versionEndExcluding": "17.11.3", "versionStartIncluding": "17.11.0"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F28C32-4C21-4EE4-985C-34BD8C9FE300"}, {"criteria": "cpe:2.3:a:gitlab:gitlab:18.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "52187A72-1412-48DE-90DD-2948630CFC19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@gitlab.com"}