CNNVD-202508-3171 Information

Aug 27, 2025 cve

CNNVD ID

CNNVD-202508-3171

CVE-2025-4225

CNNVD Published: 2025-08-27

Description (Chinese)

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab CE/EE 14.1至18.1.5之前版本、18.2 18.2.5之前版本和18.3 18.3.1之前版本存在安全漏洞，该漏洞源于GraphQL请求处理不当，可能导致拒绝服务攻击。

Description (English)

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There is a security loophole in Gitlab CE/EE 14.1 to 18.1.5, 18.2 18.2.5 and 18.3 18.3.1, which stems from the inappropriate handling of GramphQL requests, which may lead to denial of service attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

GitLab

Published

2025-08-27

Last Modified

2026-02-24

References

https://hackerone.com/reports/3100624 https://gitlab.com/gitlab-org/gitlab/-/issues/538983 https://nvd.nist.gov/vuln/detail/CVE-2025-4225

Patch

https://about.gitlab.com/

Share on: