CVE-2025-10858
📋 TL;DR
This vulnerability allows unauthenticated attackers to cause a Denial of Service (DoS) condition in GitLab by uploading specially crafted large JSON files. The attack requires no authentication and affects all GitLab CE/EE instances running vulnerable versions. This could render GitLab services unavailable to legitimate users.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability for all GitLab users, potentially disrupting development workflows, CI/CD pipelines, and code collaboration across the organization.
Likely Case
Temporary service degradation or outages affecting GitLab web interface, API, and Git operations until the attack stops or system resources are restored.
If Mitigated
Minimal impact with proper rate limiting, file upload restrictions, and network controls in place to block malicious requests.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it requires no authentication and involves uploading crafted files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.2.7, 18.3.3, or 18.4.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/570034
Restart Required: Yes
Instructions:
1. Back up your GitLab instance.
2. Update to GitLab 18.2.7, 18.3.3, or 18.4.1 using your package manager.
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Rate Limit File Uploads
Platform: Linux. Configure rate limiting for file upload endpoints to prevent abuse.
Edit /etc/gitlab/gitlab.rb and add:
nginx['rate_limit_zone_size'] = '10m'
nginx['rate_limit'] = '10r/s'
Run: sudo gitlab-ctl reconfigure
Restrict JSON File Uploads
Platform: all. Block or limit JSON file uploads through a web application firewall or reverse proxy.
Add a WAF rule that blocks large JSON uploads or restricts requests with content-type application/json to the upload endpoints.
🧯 If You Can't Patch
- Implement network-level controls to block or rate limit requests to GitLab upload endpoints from untrusted sources.
- Deploy a web application firewall (WAF) with rules to detect and block large JSON file upload attempts.
🔍 How to Verify
Check if Vulnerable:
Check your GitLab version against affected versions: all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'Version:'
Verify Fix Applied:
Confirm the reported GitLab version is 18.2.7, 18.3.3, or 18.4.1, or a later release.
📡 Detection & Monitoring
Log Indicators:
- Unusually large JSON file uploads in GitLab logs
- Multiple failed upload attempts from single IPs
- High memory/CPU usage alerts during uploads
Network Indicators:
- Spike in traffic to GitLab upload endpoints
- Multiple POST requests with large JSON payloads
SIEM Query:
source="gitlab.log" AND ("upload" AND "json" AND size>1000000)
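As a worked illustration of the log indicators and SIEM query above, here is an added example (not from this advisory and not GitLab's own code) that scans JSON-formatted request log lines for repeated large JSON uploads from a single source IP. The sample lines and the field names `content_type`, `content_length` and `remote_ip` are constructed assumptions; map them to whatever fields your GitLab request log actually emits.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not real GitLab output; field names are assumed.
SAMPLE_LOG = """
{"time":"2025-10-01T10:00:00Z","method":"POST","path":"/uploads/user","content_type":"application/json","content_length":5242880,"status":200,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T10:00:05Z","method":"POST","path":"/uploads/user","content_type":"application/json","content_length":8388608,"status":500,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T10:00:09Z","method":"POST","path":"/uploads/user","content_type":"application/json","content_length":7340032,"status":500,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T10:00:12Z","method":"POST","path":"/api/v4/projects","content_type":"application/json","content_length":512,"status":201,"remote_ip":"198.51.100.2"}
{"time":"2025-10-01T10:01:00Z","method":"POST","path":"/uploads/user","content_type":"image/png","content_length":3000000,"status":200,"remote_ip":"198.51.100.2"}
{"time":"2025-10-01T10:30:00Z","method":"POST","path":"/uploads/user","content_type":"application/json","content_length":9000000,"status":200,"remote_ip":"192.0.2.9"}
"""

SIZE_THRESHOLD = 1_000_000   # bytes; same cut-off as the SIEM query above
UPLOAD_PATH_HINT = "/uploads" # assumed path fragment of the upload endpoints
WINDOW = timedelta(minutes=5) # look for bursts inside this window
MIN_HITS = 3                  # alert when one IP sends this many large JSON uploads in WINDOW


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def is_large_json_upload(ev):
    """True for a POST to an upload path carrying a JSON body over the size threshold."""
    return (ev.get("method") == "POST"
            and UPLOAD_PATH_HINT in ev.get("path", "")
            and ev.get("content_type", "").startswith("application/json")
            and int(ev.get("content_length", 0)) > SIZE_THRESHOLD)


def find_suspects(log_text):
    """Return {remote_ip: burst_size} for IPs with >= MIN_HITS large JSON uploads within WINDOW."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if is_large_json_upload(ev):
            hits[ev["remote_ip"]].append(parse_time(ev["time"]))
    suspects = {}
    for ip, times in hits.items():
        times.sort()
        # Sliding window: from each hit, count later hits that fall within WINDOW.
        for i, start in enumerate(times):
            burst = sum(1 for t in times[i:] if t - start <= WINDOW)
            if burst >= MIN_HITS:
                suspects[ip] = burst
                break
    return suspects
```

A single oversized upload (192.0.2.9 above) is not flagged on its own; raise or lower `MIN_HITS` and `WINDOW` to match the baseline upload volume of your instance.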