CVE-2025-11042
📋 TL;DR
This vulnerability in GitLab allows attackers to execute specific GraphQL queries that cause uncontrolled CPU consumption, potentially leading to denial of service. It affects GitLab Community Edition and Enterprise Edition installations running vulnerable versions. Attackers could degrade system performance or make services unavailable.
💻 Affected Systems
- GitLab Community Edition
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion, affecting all users and potentially requiring system restart.
Likely Case
Degraded performance and intermittent service disruptions affecting user experience.
If Mitigated
Minimal impact with proper rate limiting, monitoring, and quick response to anomalous CPU usage.
🎯 Exploit Status
Requires knowledge of specific GraphQL queries. Likely requires authenticated access to GraphQL endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.2.7, 18.3.3, or 18.4.1
Vendor Advisory: https://gitlab.com/gitlab-org/gitlab/-/issues/550374
Restart Required: No
Instructions:
1. Backup your GitLab instance.
2. Update to the patched version using your deployment method (Omnibus, Helm, source).
3. Verify the update completed successfully.
4. Monitor for any issues post-update.
🔧 Temporary Workarounds
Rate Limit GraphQL Endpoints
Implement rate limiting on GraphQL API endpoints to prevent excessive query execution.
Configure in GitLab's rate limiting settings or via reverse proxy like nginx
Restrict GraphQL Access
Limit GraphQL API access to trusted users or networks only.
Configure firewall rules or GitLab application-level restrictions
🧯 If You Can't Patch
- Implement strict rate limiting on GraphQL endpoints
- Monitor CPU usage and set alerts for abnormal GraphQL query patterns
- Consider temporarily disabling GraphQL if not essential
🔍 How to Verify
Check if Vulnerable:
Check the GitLab version via the admin interface or the command line. If the version falls within the affected ranges, the system is vulnerable.
Check Version:
sudo gitlab-rake gitlab:env:info | grep Version
Verify Fix Applied:
Confirm the GitLab version is 18.2.7, 18.3.3, or 18.4.1, or a later release on the same minor branch. Test the GraphQL queries that previously caused high CPU usage.
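The fix releases listed above are per minor branch, so a plain "newer than 18.4.1" comparison gets 18.3.3 (fixed) and 18.4.0 (not fixed) wrong. The following is an added example of a branch-aware check, not GitLab's own tooling: it reads the version out of `gitlab-rake gitlab:env:info` output and reports fixed, vulnerable, or unknown. The layout it assumes for that output (a "GitLab information" block whose `Version:` line comes before the GitLab Shell and Gitaly `Version:` lines) and the sample output itself are assumptions; branches older than 18.2 are reported as unknown because the page's fix list does not cover them.

```python
"""Branch-aware check of a GitLab version against the fix releases named in
this advisory (18.2.7, 18.3.3, 18.4.1). Added example; not GitLab tooling.
"""
import re

# (major, minor) -> first patch release on that branch that carries the fix
FIXED_IN = {(18, 2): 7, (18, 3): 3, (18, 4): 1}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample of the relevant part of `gitlab-rake gitlab:env:info`
# output (assumed layout: the application block precedes the Shell block).
SAMPLE_ENV_INFO = """GitLab information
Version:\t18.3.2-ee
Revision:\tabcdef0
GitLab Shell
Version:\t14.44.0
"""


def parse_version(text):
    """Return (major, minor, patch) from a string such as '18.3.2-ee'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def gitlab_version_from_env_info(output):
    """Pick the application version out of rake env:info output.

    Assumption: the 'GitLab information' block lists 'Version:' before the
    GitLab Shell and Gitaly blocks, which print their own 'Version:' lines.
    """
    m = re.search(r"GitLab information.*?Version:\s*(\S+)", output, re.S)
    if not m:
        raise ValueError("no 'GitLab information' Version line found")
    return m.group(1)


def fix_status(version):
    """'fixed', 'vulnerable' or 'unknown' for a version string."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_IN:
        # Same branch as a fix release: compare the patch level only.
        return "fixed" if patch >= FIXED_IN[branch] else "vulnerable"
    if branch > max(FIXED_IN):
        return "fixed"  # released after every branch named in the advisory
    # Older branch: not in the advisory's fix list, consult the vendor advisory.
    return "unknown"


if __name__ == "__main__":
    v = gitlab_version_from_env_info(SAMPLE_ENV_INFO)
    print(v, fix_status(v))  # 18.3.2-ee vulnerable
```

On a real host, pipe the full `gitlab-rake gitlab:env:info` output into `gitlab_version_from_env_info` rather than grepping for `Version`, since the grep also returns the GitLab Shell and Gitaly versions.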
📡 Detection & Monitoring
Log Indicators:
- Unusually high CPU usage logs
- Multiple GraphQL queries from single source
- Slow response times in application logs
Network Indicators:
- High volume of POST requests to /api/graphql endpoint
- Abnormal traffic patterns to GraphQL API
SIEM Query:
source="gitlab" AND ("graphql" OR "/api/graphql") AND (cpu_usage>90 OR response_time>5000)
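The indicators above reduce to two checks per source: a GraphQL POST that takes too long, and too many GraphQL POSTs in a short window. The following is an added example of that detection logic run over constructed log records; it is not GitLab's code and not a GitLab-supplied query. The field names (`time`, `method`, `path`, `duration_s`, `cpu_s`, `remote_ip`) are modelled on GitLab's `production_json.log` and should be treated as an assumption about that format; the sample records are constructed. The 5-second threshold mirrors the `response_time>5000` clause of the SIEM query.

```python
"""Sliding-window detection of slow and bursty GraphQL POSTs.
Added example over constructed records; not GitLab's own code.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW_S = 60           # sliding window per source
RATE_THRESHOLD = 5      # GraphQL POSTs per source per window before flagging
SLOW_THRESHOLD_S = 5.0  # response_time>5000 ms in the SIEM query

# Constructed sample (field names assumed from production_json.log): a quiet
# client (10.0.0.5) and a client sending a burst with two very slow queries.
SAMPLE_LOG = """\
{"time":"2025-10-01T12:00:00.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.21,"cpu_s":0.15,"remote_ip":"10.0.0.5"}
{"time":"2025-10-01T12:00:01.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":7.9,"cpu_s":7.4,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:02.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":8.3,"cpu_s":8.0,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:03.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.4,"cpu_s":0.3,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:04.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.3,"cpu_s":0.2,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:05.000Z","method":"GET","path":"/api/v4/projects","status":200,"duration_s":0.05,"cpu_s":0.03,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:06.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.5,"cpu_s":0.4,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:07.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.6,"cpu_s":0.5,"remote_ip":"203.0.113.7"}
{"time":"2025-10-01T12:00:30.000Z","method":"POST","path":"/api/graphql","status":200,"duration_s":0.19,"cpu_s":0.12,"remote_ip":"10.0.0.5"}
"""


def parse_lines(text):
    """JSON lines -> list of dicts with a parsed 'ts' datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def is_graphql_post(rec):
    """POST to /api/graphql, the endpoint named in the network indicators."""
    return rec.get("method") == "POST" and rec.get("path", "").startswith("/api/graphql")


def detect(text, window_s=WINDOW_S, rate_threshold=RATE_THRESHOLD, slow_s=SLOW_THRESHOLD_S):
    """Return findings as (kind, remote_ip, time, value) tuples, in time order."""
    findings = []
    recent = defaultdict(deque)  # remote_ip -> timestamps of GraphQL POSTs in window
    burst_flagged = set()        # report each bursting source once
    for rec in parse_lines(text):
        if not is_graphql_post(rec):
            continue
        ip, ts = rec["remote_ip"], rec["ts"]
        if rec.get("duration_s", 0.0) > slow_s:
            findings.append(("slow_graphql", ip, rec["time"], rec["duration_s"]))
        q = recent[ip]
        q.append(ts)
        cutoff = ts - timedelta(seconds=window_s)
        while q and q[0] < cutoff:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= rate_threshold and ip not in burst_flagged:
            burst_flagged.add(ip)
            findings.append(("graphql_burst", ip, rec["time"], len(q)))
    return findings


if __name__ == "__main__":
    for kind, ip, when, value in detect(SAMPLE_LOG):
        print(f"{when} {kind:14} {ip:15} {value}")
```

Tune `RATE_THRESHOLD` against a baseline of normal GraphQL usage for the instance (the web UI itself issues GraphQL POSTs), otherwise the burst rule will fire on legitimate browsing; the slow-query rule is the less noisy of the two and maps directly onto the CPU-exhaustion behaviour this CVE describes.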