CVE-2025-10094

6.5 MEDIUM

📋 TL;DR

Authenticated users in GitLab can create tokens with excessively large names, causing disruption to token listing and administrative operations. This affects GitLab CE/EE instances running vulnerable versions, potentially impacting administrators' ability to manage tokens.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 10.7 through 18.1.5, 18.2.0 through 18.2.5, and 18.3.0 through 18.3.1 (fixed in 18.1.6, 18.2.6 and 18.3.2 respectively)
Operating Systems: All platforms running GitLab
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with vulnerable versions are affected regardless of configuration. Requires authenticated user access.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Denial of service affecting token management functionality, preventing administrators from viewing, managing, or revoking tokens, potentially leading to operational disruption.

🟠

Likely Case

Temporary disruption to token listing pages and administrative interfaces, requiring manual intervention or restart to restore functionality.

🟢

If Mitigated

Minimal impact with proper access controls limiting who can create tokens and monitoring for abnormal token creation patterns.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No (authenticated user required)
Complexity: LOW

Exploitation requires an authenticated account but is technically simple: the attacker creates a token whose name is far larger than any legitimate name, and the oversized record then disrupts the pages and operations that list or manage tokens.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.1.6, 18.2.6, or 18.3.2

Vendor Advisory: https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/

Restart Required: No host reboot; the package upgrade reconfigures and restarts the GitLab services itself.

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab 18.1.6, 18.2.6, or 18.3.2, whichever matches the minor release you are running.
3. Verify the update completed successfully and the reported version is at or above the fixed release.

🔧 Temporary Workarounds

Restrict token creation permissions (platform: all)

Limit which users can create tokens to trusted administrators only.

Monitor token creation (platform: all)

Implement monitoring for unusually large token names or excessive token creation by a single user.

🧯 If You Can't Patch

  • Restrict token creation to administrators only
  • Implement rate limiting on token creation endpoints

🔍 How to Verify

Check if Vulnerable:

Check GitLab version via admin interface or command line

Check Version:

sudo gitlab-rake gitlab:env:info | grep Version

Verify Fix Applied:

Verify version is 18.1.6, 18.2.6, or 18.3.2 or later
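The version comparison above is easy to get wrong by hand because three separate release series are affected, each with its own fix version. The following script is an added example, not code from the advisory or from GitLab: it encodes the affected ranges exactly as this page lists them and checks a version string such as the `Version: 18.3.1-ee` line printed by `gitlab-rake gitlab:env:info`. The `fetch_version` helper calls the real GitLab `GET /api/v4/version` endpoint with a `PRIVATE-TOKEN` header; the base URL and token are values you supply, and the check itself runs offline.

```python
"""Added example (not part of the advisory or GitLab): classify a GitLab
version string against the affected ranges stated on this page."""
import json
import re
import urllib.request

# Affected ranges from the advisory, as half-open intervals [lower, upper):
# the upper bound is the first fixed release in that series.
AFFECTED_RANGES = [
    ((10, 7, 0), (18, 1, 6)),   # 10.7 through 18.1.5, fixed in 18.1.6
    ((18, 2, 0), (18, 2, 6)),   # 18.2.0 through 18.2.5, fixed in 18.2.6
    ((18, 3, 0), (18, 3, 2)),   # 18.3.0 through 18.3.1, fixed in 18.3.2
]


def parse_version(text):
    """Turn '18.3.1-ee', 'v17.0.1' or 'Version: 18.3.1-ee' into (18, 3, 1).
    Edition suffixes (-ee/-ce) and build metadata are ignored."""
    match = re.search(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def is_affected(version_text):
    """True if the version falls inside any affected range."""
    version = parse_version(version_text)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def fetch_version(base_url, private_token):
    """Read the running version from GET /api/v4/version (authenticated).
    base_url and private_token are supplied by the caller."""
    request = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/version",
        headers={"PRIVATE-TOKEN": private_token},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)["version"]


if __name__ == "__main__":
    # Constructed sample inputs covering both sides of each fix boundary.
    for sample in ["Version: 18.3.1-ee", "18.3.2", "18.1.5", "18.1.6",
                   "18.2.0", "18.2.6", "18.4.0", "10.6.9"]:
        state = "AFFECTED" if is_affected(sample) else "not affected"
        print(f"{sample:>20}: {state}")
```

Run it against the output of `sudo gitlab-rake gitlab:env:info | grep Version`, or call `fetch_version("https://gitlab.example.com", token)` with an admin-issued token and pass the result to `is_affected`. A version outside all three series (for example 18.4.0) is reported as not affected because the advisory does not list it; that is the page's claim, not an independent guarantee.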

📡 Detection & Monitoring

Log Indicators:

  • Unusually large token names in audit logs
  • Multiple token creation attempts from single user

Network Indicators:

  • Increased API calls to token creation endpoints

SIEM Query:

source="gitlab" event="token_created" | eval name_len=len(token_name) | where name_len > 1000

Splunk-style syntax; `event` and `token_name` are placeholder field names and the 1000-character cut-off is a starting point, so map both to the fields your GitLab audit log pipeline actually emits.
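The two log indicators above (oversized token names and bursts of creations from one user) can be checked offline before they are turned into a SIEM rule. The script below is an added example, not code from the advisory or from GitLab: it builds a few constructed JSON-lines records with hypothetical field names (`event`, `user`, `token_name`, `time`), then flags any creation whose name exceeds an assumed 1000-character limit and any user who creates five or more tokens within one hour. Both thresholds are assumptions; the advisory states no exact limit.

```python
"""Added example (not part of the advisory or GitLab): run the page's log
indicators over constructed audit records. Field names and thresholds are
assumptions; map them to your real GitLab audit log schema before use."""
import json
from collections import Counter

MAX_NAME_LEN = 1000     # assumed cut-off for "unusually large" token names
BURST_THRESHOLD = 5     # assumed creations per user per hour worth a look


def build_sample_log():
    """Constructed sample records (not real GitLab output)."""
    stamp = "2025-09-11T10:%02d:00Z"
    rows = [
        {"time": stamp % 0, "event": "token_created", "user": "alice",
         "token_name": "ci-deploy"},
        # one oversized name from mallory, then several ordinary ones
        {"time": stamp % 1, "event": "token_created", "user": "mallory",
         "token_name": "A" * 5000},
    ]
    rows += [{"time": stamp % (2 + i), "event": "token_created",
              "user": "mallory", "token_name": f"t{i}"} for i in range(5)]
    # a non-creation event that the scan must ignore
    rows.append({"time": stamp % 9, "event": "token_revoked",
                 "user": "alice", "token_name": "ci-deploy"})
    return "\n".join(json.dumps(r) for r in rows)


def analyze(log_text, max_len=MAX_NAME_LEN, burst=BURST_THRESHOLD):
    """Return oversized-name creations and per-user hourly bursts."""
    oversized = []
    per_user_hour = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON noise instead of aborting the scan
        if rec.get("event") != "token_created":
            continue
        name = rec.get("token_name") or ""
        if len(name) > max_len:
            oversized.append({"user": rec.get("user"),
                              "time": rec.get("time"),
                              "name_len": len(name)})
        # bucket by hour: "2025-09-11T10:01:00Z"[:13] -> "2025-09-11T10"
        per_user_hour[(rec.get("user"), rec.get("time", "")[:13])] += 1
    bursts = [{"user": user, "hour": hour, "count": count}
              for (user, hour), count in per_user_hour.items()
              if count >= burst]
    return {"oversized": oversized, "bursts": bursts}


if __name__ == "__main__":
    result = analyze(build_sample_log())
    for hit in result["oversized"]:
        print(f"oversized name: user={hit['user']} len={hit['name_len']}")
    for hit in result["bursts"]:
        print(f"burst: user={hit['user']} hour={hit['hour']} count={hit['count']}")
```

Feed it real records by replacing `build_sample_log()` with the contents of your audit log export once the field names are mapped. The length check is deliberately applied to the name field only, since that is the attribute the advisory identifies; counting creations per user per hour is what turns the second indicator ("multiple token creation attempts from a single user") into something a rule can threshold on.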

🔗 References

  • GitLab patch release 18.3.2: https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/