CVE-2025-0993
📋 TL;DR
This vulnerability in GitLab CE/EE allows an authenticated attacker to trigger a denial of service by exhausting server resources. All GitLab instances running affected versions are vulnerable; exploitation requires valid user credentials.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for all GitLab users, potentially requiring manual intervention to restore service.
Likely Case
Degraded performance or temporary service interruptions affecting multiple users.
If Mitigated
Minimal impact with proper rate limiting, resource monitoring, and authentication controls in place.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 17.10.7, 17.11.3, or 18.0.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/516927
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to a patched version using your package manager.
3. Restart GitLab services.
4. Verify the update completed successfully.
🔧 Temporary Workarounds
Rate Limiting
Implement rate limiting on authenticated endpoints to prevent resource exhaustion attacks.
# Configure in GitLab configuration file (gitlab.rb)
# Confirm these keys against the gitlab.rb reference for your GitLab version before
# relying on them; authenticated-request throttling can also be configured in
# Admin Area > Settings > Network > User and IP rate limits.
nginx['rate_limit_requests_per_period'] = 10
nginx['rate_limit_period'] = '1s'
# Apply the change with: sudo gitlab-ctl reconfigure
Resource Monitoring
Set up monitoring and alerts for unusual resource consumption patterns.
# One-shot snapshot of GitLab-related processes and their CPU/memory usage
top -b -n 1 | grep -E '(gitlab|ruby)'
# Follow the Rails request log; correlate repeated requests from a single user with the resource spikes
tail -f /var/log/gitlab/gitlab-rails/production.log
🧯 If You Can't Patch
- Implement strict authentication controls and monitor for credential compromise.
- Deploy network-level rate limiting and resource monitoring with automatic alerting.
🔍 How to Verify
Check if Vulnerable:
Check GitLab version against affected ranges: all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab Version'
Verify Fix Applied:
Confirm the GitLab version is at or above the patched release for its branch (17.10.7, 17.11.3, or 18.0.1), and keep monitoring for resource exhaustion patterns.
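An added example (not from the advisory and not GitLab's own tooling) that encodes the affected ranges listed above as a version check; it can be fed the output of the version command, and the env-info sample embedded in it is constructed, not a real capture.

```python
"""Classify a GitLab version against the CVE-2025-0993 affected ranges.

Affected per the advisory: all versions before 17.10.7, 17.11 before 17.11.3,
and 18.0 before 18.0.1. Everything at or above those patch levels is fixed.
"""
import re

OLDEST_FIXED = (17, 10, 7)          # anything below this is affected on any branch
BRANCH_FIXED = {                    # first patched release of the later branches
    (17, 11): (17, 11, 3),
    (18, 0): (18, 0, 1),
}

# Constructed sample of `gitlab-rake gitlab:env:info` output (not a real capture).
SAMPLE_ENV_INFO = """System information
System:\t\tUbuntu 22.04
Current User:\tgit

GitLab information
Version:\t17.11.2-ee
Revision:\tabcdef0
"""


def parse_version(text):
    """Pull major.minor.patch out of strings such as '17.11.2-ee'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True when the version lies inside an affected range."""
    v = parse_version(version)
    if v < OLDEST_FIXED:
        return True                     # 17.10.6, 16.x, ...: older than any fix
    fixed = BRANCH_FIXED.get(v[:2])     # 17.11.x / 18.0.x have their own thresholds
    return fixed is not None and v < fixed


def check_env_info(output):
    """Scan env-info output for the version line; None when none is present."""
    for line in output.splitlines():
        if re.match(r"\s*(GitLab )?Version:", line):
            return is_vulnerable(line)
    return None


if __name__ == "__main__":
    import sys
    state = check_env_info(sys.stdin.read())   # pipe `gitlab-rake gitlab:env:info` output in
    print({True: "VULNERABLE", False: "patched", None: "version not found"}[state])
```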
📡 Detection & Monitoring
Log Indicators:
- Unusually high request rates from single authenticated users
- Spikes in memory/CPU usage correlated with user activity
- Error logs showing resource exhaustion messages
Network Indicators:
- High volume of authenticated requests to specific endpoints
- Abnormal traffic patterns from authenticated sessions
SIEM Query:
source="gitlab" ("resource exhausted" OR "memory limit" OR "CPU spike") AND user_id=*