CVE-2025-11974

6.5 MEDIUM

📋 TL;DR

This vulnerability allows unauthenticated attackers to cause denial of service by uploading large files to specific GitLab API endpoints. All GitLab CE/EE instances running affected versions are vulnerable. The attack requires no authentication and can disrupt GitLab service availability.

💻 Affected Systems

Products:
  • GitLab Community Edition
  • GitLab Enterprise Edition
Versions: 11.7 to 18.3.4, 18.4.0 to 18.4.2, 18.5.0
Operating Systems: All platforms running GitLab
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability for GitLab, preventing code repository access, CI/CD pipelines, and collaboration features for all users.

🟠

Likely Case

Temporary service degradation or unavailability during attack, impacting development workflows and productivity.

🟢

If Mitigated

Minimal impact with proper rate limiting, file size restrictions, and network controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires no authentication and involves simple file upload operations to specific API endpoints.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.3.5, 18.4.3, or 18.5.1

Vendor Advisory: https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/

Restart Required: No

Instructions:

1. Back up your GitLab instance.
2. Update to GitLab 18.3.5, 18.4.3, or 18.5.1, depending on your current version.
3. Verify that the update completed successfully.

🔧 Temporary Workarounds

Implement API rate limiting

all

Configure rate limiting on API endpoints to prevent excessive upload requests

Edit GitLab configuration file and set appropriate rate limits

Restrict file upload sizes

all

Configure maximum file size limits for uploads

Set appropriate limits in GitLab configuration

🧯 If You Can't Patch

  • Implement network-level controls to restrict access to GitLab API endpoints
  • Deploy WAF rules to detect and block large file upload patterns

🔍 How to Verify

Check if Vulnerable:

Check GitLab version using the admin interface or command line

Check Version:

sudo gitlab-rake gitlab:env:info | grep Version

Verify Fix Applied:

Verify that the GitLab version is 18.3.5, 18.4.3, or 18.5.1, or a later release.

📡 Detection & Monitoring

Log Indicators:

  • Large file uploads to API endpoints
  • Unusual number of upload requests from single IP
  • API endpoint timeouts or errors

Network Indicators:

  • High bandwidth consumption from upload requests
  • Multiple large POST requests to GitLab API

SIEM Query:

source="gitlab" AND ("upload" OR "POST") AND size>100MB
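The log and network indicators above, and the SIEM query, expressed as runnable detection logic; this is an added example, not GitLab's own tooling. It assumes a JSON-lines request log with the fields time, method, path, remote_ip and content_length (an assumption about the log format), and the sample lines are constructed.

```python
"""Detection for the indicators above: oversized uploads to API endpoints and
bursts of upload requests from one IP. Added example, not GitLab tooling; the log
lines are constructed and the field names are an assumption about the log format."""
import json
from collections import defaultdict

LARGE_UPLOAD_BYTES = 100 * 1024 * 1024  # the advisory's 100 MB threshold (as MiB)
BURST_THRESHOLD = 5                     # uploads from one IP inside the window
BURST_WINDOW_S = 60

# Constructed sample log, one JSON object per line (not real GitLab output).
SAMPLE_LOG = "\n".join(
    ['{"time":0,"method":"POST","path":"/api/v4/projects/1/uploads",'
     '"remote_ip":"203.0.113.7","content_length":209715200}',
     '{"time":5,"method":"GET","path":"/api/v4/projects",'
     '"remote_ip":"198.51.100.2","content_length":0}',
     '{"time":400,"method":"PUT","path":"/api/v4/projects/1/uploads",'
     '"remote_ip":"203.0.113.7","content_length":52428800}']
    + ['{"time":%d,"method":"POST","path":"/api/v4/projects/2/uploads",'
       '"remote_ip":"192.0.2.9","content_length":1048576}' % (100 + 10 * i)
       for i in range(6)])  # six 1 MiB uploads 10 s apart: a burst, not large

def parse_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def is_api_upload(e):
    return e["method"] in ("POST", "PUT") and e["path"].startswith("/api/")

def find_large_uploads(events, threshold=LARGE_UPLOAD_BYTES):
    """Upload requests to API endpoints whose body exceeds the threshold."""
    return [e for e in events if is_api_upload(e) and e["content_length"] > threshold]

def find_upload_bursts(events, threshold=BURST_THRESHOLD, window_s=BURST_WINDOW_S):
    """Sliding window per source IP; returns {ip: peak uploads in any window}."""
    times = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        if is_api_upload(e):
            times[e["remote_ip"]].append(e["time"])
    flagged = {}
    for ip, ts in times.items():
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(count, flagged.get(ip, 0))
    return flagged
```

On the sample, only the 200 MiB POST is reported as a large upload (the 50 MiB PUT stays under the threshold), and only 192.0.2.9 is reported as a burst source.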
