CVE-2025-2256

Sažetak

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.

Reference

https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/524633
https://hackerone.com/reports/3019485

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

12-09-2025 - 06:15

Objavljeno

12-09-2025 - 06:15