CVE-2025-10004

7.5 HIGH

📋 TL;DR

This vulnerability lets an attacker send specially crafted GraphQL queries that request large repository blobs, driving a GitLab instance to become unresponsive or severely degraded. It affects GitLab CE/EE in the version ranges listed below. The attack can be performed by any user with access to the GraphQL endpoint (/api/graphql), which every GitLab deployment exposes because the web UI itself uses it.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 13.12 before 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 (fixed in 18.2.8, 18.3.4 and 18.4.2)
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: The GraphQL endpoint (/api/graphql) is always present and cannot be switched off separately, since the GitLab web UI depends on it, so every deployment in the affected ranges is exposed. Self-managed and GitLab.com SaaS are both affected; GitLab.com is patched by GitLab, and the self-managed workarounds below cannot be applied there.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service making GitLab unavailable for all users, potentially disrupting development workflows and CI/CD pipelines.

🟠

Likely Case

Severe performance degradation leading to timeouts, failed builds, and user frustration.

🟢

If Mitigated

Reduced impact where API rate limits, network restrictions and monitoring are in place. Only patching removes the issue: a rate limit caps how many queries an attacker can send, not how expensive each one is.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly accessible to attackers without network perimeter controls.
🏢 Internal Only: MEDIUM - Internal instances are still exposed to any user on the network, including compromised accounts and CI jobs holding tokens.

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No
Complexity: LOW

Exploitation is technically simple: the attacker only needs to submit crafted GraphQL queries to /api/graphql, with no memory corruption or timing dependency involved, so expect it to be reproduced quickly even without a public PoC. This page records the attack as requiring authenticated access; note that a CVSS base score of 7.5 with availability-only impact corresponds to a PR:N (no privileges required) vector, so confirm the privilege requirement against the vendor advisory before relying on authentication as a control. The finding was reported through GitLab's HackerOne program, which indicates a working reproduction was demonstrated to the vendor.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.2.8, 18.3.4, 18.4.2 or later

Vendor Advisory: https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance (sudo gitlab-backup create) together with gitlab.rb and gitlab-secrets.json.
2. Update to GitLab 18.2.8, 18.3.4, or 18.4.2 (or a later release in that line); follow GitLab's documented upgrade path if you are more than one minor version behind.
3. Restart GitLab services if the package upgrade did not already do so (sudo gitlab-ctl restart).
4. Verify the running version: sudo gitlab-rake gitlab:env:info and read the Version: line in the "GitLab information" section (on Omnibus, /opt/gitlab/embedded/service/gitlab-rails/VERSION holds the same value without waiting for Rake).

🔧 Temporary Workarounds

Rate Limit GraphQL Queries

linux

Throttle API requests per user and per IP to slow down abuse. This only caps the number of queries, not the cost of each one, so a handful of expensive blob queries per minute can still hurt, and open sign-up lets an attacker spread requests across accounts.

# API rate limits are application settings (Admin area > Settings > Network > User and IP
# rate limits), not gitlab.rb keys; set them via the settings API with an admin token:
curl --request PUT --header "PRIVATE-TOKEN: <admin-token>" \
  "https://gitlab.example.com/api/v4/application/settings" \
  --data "throttle_authenticated_api_enabled=true" \
  --data "throttle_authenticated_api_requests_per_period=300" \
  --data "throttle_authenticated_api_requests_per_period=300" \
  --data "throttle_authenticated_api_period_in_seconds=60" \
  --data "throttle_unauthenticated_api_enabled=true" \
  --data "throttle_unauthenticated_api_requests_per_period=100" \
  --data "throttle_unauthenticated_api_period_in_seconds=60"

Restrict GraphQL Access

linux

Limit /api/graphql to trusted networks. The GitLab web UI itself calls /api/graphql, so this breaks the UI for every client outside the allow list; it is only viable for instances whose users all sit inside that range, and it is not available on GitLab.com.

# Omnibus: override the location for /api/graphql via gitlab.rb, then `sudo gitlab-ctl reconfigure`.
# nginx does not inherit proxy_set_header into a new location, so mirror your generated "location /" headers.
nginx['custom_gitlab_server_config'] = <<~CONF
  location /api/graphql {
    allow 10.0.0.0/8;
    deny all;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://gitlab-workhorse;
  }
CONF

🧯 If You Can't Patch

  • Implement strict network ACLs to limit GraphQL endpoint access to trusted sources only
  • Enable comprehensive monitoring for unusual GraphQL query patterns and performance degradation

🔍 How to Verify

Check if Vulnerable:

Read the running version from 'sudo gitlab-rake gitlab:env:info' (the Version: line under "GitLab information") or, on Omnibus, from /opt/gitlab/embedded/service/gitlab-rails/VERSION, and compare it against the affected ranges above.

Check Version:

sudo gitlab-rake gitlab:env:info | grep -A1 '^GitLab information'

Verify Fix Applied:

Verify the version is 18.2.8+, 18.3.4+, or 18.4.2+ (within its release line), then confirm the web UI loads and a simple GraphQL query such as { metadata { version } } against /api/graphql returns a normal response.
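The following script is an added example, not GitLab tooling: it encodes the affected ranges listed on this page and extracts the version from `gitlab-rake gitlab:env:info` output, reading the Version: line under the "GitLab information" header rather than grepping every "version" line (the Ruby and GitLab Shell sections have their own). The env:info text embedded below is a constructed sample, and the fallback to it when gitlab-rake is absent is an assumption made so the script runs offline.

```python
"""Added example (not GitLab's own tooling): is this GitLab version in the
CVE-2025-10004 affected ranges, and what version is this host running?"""
import re
import subprocess
import sys

# (first affected, first fixed) per release line, taken from this page:
#   13.12 before 18.2.8, 18.3 before 18.3.4, 18.4 before 18.4.2
AFFECTED_RANGES = [
    ((13, 12, 0), (18, 2, 8)),
    ((18, 3, 0), (18, 3, 4)),
    ((18, 4, 0), (18, 4, 2)),
]


def parse_version(text):
    """'18.4.1-ee' -> (18, 4, 1); the edition suffix and anything after it is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a GitLab version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(version):
    """True when the version falls inside any affected range (inclusive low, exclusive high)."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def version_from_env_info(output):
    """Return the Version: value from the 'GitLab information' section of env:info output."""
    in_gitlab_section = False
    for line in output.splitlines():
        if line.startswith("GitLab information"):
            in_gitlab_section = True
        elif in_gitlab_section and line.startswith("Version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no GitLab version found in env:info output")


# Constructed, abbreviated env:info output (not captured from a real instance).
SAMPLE_ENV_INFO = """System information
System:         Ubuntu 22.04
Current User:   git
Ruby Version:   3.2.5
Gem Version:    3.5.22

GitLab information
Version:        18.4.1-ee
Revision:       0123abcd
Directory:      /opt/gitlab/embedded/service/gitlab-rails

GitLab Shell
Version:        14.44.0
"""


def check_host():
    """Ask the local Omnibus install for its version; fall back to the sample
    (assumption for offline use) when gitlab-rake is not available."""
    try:
        out = subprocess.run(
            ["sudo", "gitlab-rake", "gitlab:env:info"],
            capture_output=True, text=True, check=True,
        ).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        out = SAMPLE_ENV_INFO
    version = version_from_env_info(out)
    return version, is_vulnerable(version)


if __name__ == "__main__":
    version, vulnerable = check_host()
    state = "VULNERABLE to CVE-2025-10004" if vulnerable else "not in an affected range"
    print(f"GitLab {version}: {state}")
    sys.exit(2 if vulnerable else 0)
```

The exit status (2 when vulnerable) is meant for fleet checks run from configuration management or a cron job; `is_vulnerable` can also be called directly with a version string taken from `GET /api/v4/version`.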

📡 Detection & Monitoring

Log Indicators:

  • GraphQL requests with high duration_s or memory figures in production_json.log, and queries in graphql_json.log whose used_fields return blob contents
  • Sustained memory/CPU growth on Puma workers while the request load stays flat
  • Puma worker timeouts or memory-based worker restarts (puma_stderr.log) and 502s from Workhorse/nginx; GraphQL runs in the web request path, not in Sidekiq

Network Indicators:

  • Spike in POST requests to /api/graphql endpoint
  • Large or slow responses from /api/graphql concentrated on a few source IPs or accounts

SIEM Query:

# Splunk-style pseudo-query; field names follow GitLab's production_json.log
source="gitlab-rails/production_json.log" path="/api/graphql" method="POST" (duration_s>10 OR cpu_s>5)
| stats count, max(duration_s) by username, remote_ip
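The detection logic above, as an added example rather than GitLab code, run over JSON log lines shaped like production_json.log entries: it flags slow /api/graphql POSTs, bursts of GraphQL POSTs from one principal inside a sliding window, and queries whose used_fields pull raw blob contents. The log lines are constructed here, and the thresholds and the BLOB_FIELDS watchlist are assumptions to tune against your own instance.

```python
"""Added example (not GitLab's own tooling): detection rules for CVE-2025-10004
abuse over production_json.log-style lines. Field names (time, method, path,
duration_s, remote_ip, username, graphql[].used_fields) follow GitLab's log
format; the sample lines below are constructed, not captured."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

SLOW_SECONDS = 10.0         # assumption: tune to your instance's p99 GraphQL latency
BURST_COUNT = 20            # assumption: GraphQL POSTs per principal ...
BURST_WINDOW_SECONDS = 60   # ... within this many seconds
# Assumed watchlist of Type.field names that return file contents, as logged in used_fields.
BLOB_FIELDS = {"RepositoryBlob.rawBlob", "RepositoryBlob.rawTextBlob"}


def parse_time(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def principal(rec):
    return rec.get("username") or rec.get("remote_ip") or "unknown"


def analyze(lines):
    """Return (rule, principal, detail) findings for the given JSON log lines."""
    findings = []
    recent = defaultdict(deque)   # principal -> timestamps of its recent GraphQL POSTs
    burst_reported = set()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if rec.get("path") != "/api/graphql" or rec.get("method") != "POST":
            continue
        who = principal(rec)
        ts = parse_time(rec["time"])

        duration = float(rec.get("duration_s", 0))
        if duration > SLOW_SECONDS:
            findings.append(("slow_graphql", who, f"{duration:.1f}s"))

        used = set()
        for op in rec.get("graphql", []):
            used.update(op.get("used_fields", []))
        hit = used & BLOB_FIELDS
        if hit:
            findings.append(("blob_content_query", who, ",".join(sorted(hit))))

        window = recent[who]
        window.append(ts)
        while window and (ts - window[0]).total_seconds() > BURST_WINDOW_SECONDS:
            window.popleft()
        if len(window) >= BURST_COUNT and who not in burst_reported:
            burst_reported.add(who)
            findings.append(("graphql_burst", who, f"{len(window)} POSTs in {BURST_WINDOW_SECONDS}s"))
    return findings


def sample_lines():
    """Constructed production_json.log-style lines: one benign request, one slow
    blob-pulling query, a burst of blob queries from the same account, one non-GraphQL hit."""
    base = datetime(2025, 10, 9, 12, 0, 0, tzinfo=timezone.utc)

    def line(sec, user, ip, duration, used):
        rec = {
            "time": (base + timedelta(seconds=sec)).isoformat().replace("+00:00", "Z"),
            "method": "POST", "path": "/api/graphql", "status": 200,
            "duration_s": duration, "remote_ip": ip, "username": user,
            "graphql": [{"operation_name": "q", "complexity": 12, "depth": 4, "used_fields": used}],
        }
        return json.dumps(rec)

    blob_query = ["Query.project", "Project.repository", "Repository.blobs", "RepositoryBlob.rawBlob"]
    lines = [line(0, "alice", "10.0.0.5", 0.08, ["Query.project", "Project.name"])]
    lines.append(line(5, "mallory", "203.0.113.7", 42.7, blob_query))
    for i in range(24):
        lines.append(line(6 + i, "mallory", "203.0.113.7", 3.0, blob_query[:-1] + ["RepositoryBlob.rawTextBlob"]))
    lines.append('{"time":"2025-10-09T12:01:00.000Z","method":"GET","path":"/api/v4/version","status":200,"duration_s":0.01}')
    return lines


if __name__ == "__main__":
    for rule, who, detail in analyze(sample_lines()):
        print(f"{rule:20} {who:10} {detail}")
```

Feed it real logs with `python3 detect.py < /var/log/gitlab/gitlab-rails/production_json.log` after replacing the sample call with `analyze(sys.stdin)`; the burst rule fires once per principal per run, while the slow and blob rules fire per request so counts can be aggregated downstream.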
