CVE-2025-13335

6.5 MEDIUM

📋 TL;DR

An authenticated GitLab user can create malformed Wiki documents that bypass the Wiki's cycle detection, which can tie up server-side processing and lead to a denial of service (DoS). It affects GitLab Community Edition (CE) and Enterprise Edition (EE) in the version ranges listed below; exploitation requires an authenticated account, so unauthenticated attackers cannot trigger it directly.

💻 Affected Systems

Products:
  • GitLab Community Edition (CE)
  • GitLab Enterprise Edition (EE)
Versions: All versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2
Operating Systems: All supported OS for GitLab
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all deployments (self-managed and GitLab.com) with Wiki functionality enabled; requires authenticated user access.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could cause prolonged service unavailability by repeatedly exploiting this to exhaust server resources, disrupting all GitLab operations for users.

🟠

Likely Case

Targeted (or accidental) DoS that degrades Wiki functionality and, under sustained triggering, affects overall GitLab responsiveness for other authenticated users.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to temporary Wiki disruptions, as exploitation requires authentication and may be detected.

🌐 Internet-Facing: MEDIUM, as internet-facing instances are accessible to attackers but require authenticated access, reducing widespread exploitation risk.
🏢 Internal Only: MEDIUM, as internal instances could be exploited by malicious insiders or compromised accounts, but authentication still limits scope.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW, as it only involves crafting malformed Wiki documents, but it requires an authenticated account with Wiki write access.

Exploitation details are referenced in HackerOne report 3418023, but no public proof-of-concept is confirmed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.6.4, 18.7.2, or 18.8.2

Vendor Advisory: https://about.gitlab.com/releases/2026/01/21/patch-release-gitlab-18-8-2-released/

Restart Required: Yes

Instructions:

1. Back up your GitLab instance (for Omnibus: sudo gitlab-backup create).
2. Update GitLab to the patch release for the minor version you are running (18.6.4, 18.7.2, or 18.8.2) using your package manager. Omnibus packages carry an edition suffix, so on Ubuntu/Debian the pin looks like: sudo apt update && sudo apt install gitlab-ce=18.8.2-ce.0 (use gitlab-ee and the -ee.0 suffix for Enterprise Edition; substitute 18.6.4 or 18.7.2 as appropriate).
3. Restart GitLab services: sudo gitlab-ctl restart.

🔧 Temporary Workarounds

Restrict Wiki access (scope: all deployments)

Limit Wiki creation and editing permissions to trusted users only to reduce attack surface.

Monitor for anomalies (scope: all deployments)

Set up monitoring for unusual Wiki activity or resource usage spikes that may indicate exploitation attempts.

🧯 If You Can't Patch

  • Implement strict access controls to limit Wiki functionality to essential users only.
  • Apply rate limiting to Wiki write requests, either with GitLab's built-in limits (Admin Area > Settings > Network > User and IP rate limits) or with WAF rules in front of the instance, so that a single account cannot repeatedly trigger the DoS condition.

🔍 How to Verify

Check if Vulnerable:

Compare your GitLab version against the affected ranges: 17.1.0 through 18.6.3, 18.7.0 through 18.7.1, and 18.8.0 through 18.8.1 are vulnerable. Versions below 17.1 and 18.9 or later are not listed as affected.

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

After patching, confirm the version is 18.6.4, 18.7.2, or 18.8.2 and test Wiki functionality for normal operation without DoS symptoms.
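The version comparison above is easy to get wrong by hand (three separate ranges, edition suffixes like -ee, and 18.6.4 being fixed while 18.7.0 is not). The following is an added example, not code from GitLab or from the original advisory: it encodes the affected ranges as half-open intervals, parses the version string that gitlab-rake prints, and reports whether the instance is in a vulnerable range. The installed_version helper assumes an Omnibus install where sudo gitlab-rake gitlab:env:info works; the version strings in the comments are constructed test inputs.

```python
import re
import subprocess

# Affected ranges from the advisory, as [lower, upper) with upper = first fixed version:
#   17.1 before 18.6.4, 18.7 before 18.7.2, 18.8 before 18.8.2
AFFECTED_RANGES = [
    ((17, 1, 0), (18, 6, 4)),
    ((18, 7, 0), (18, 7, 2)),
    ((18, 8, 0), (18, 8, 2)),
]


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '18.6.3',
    '18.7.1-ee' or 'GitLab version: 18.8.1-ce'. Edition suffixes are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no MAJOR.MINOR.PATCH version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_text):
    """True if the version falls inside any affected range.
    Example (constructed): is_vulnerable('18.6.3') -> True, is_vulnerable('18.6.4') -> False."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version_text):
    """Return the patch release that closes the range the version sits in, or None if not affected."""
    v = parse_version(version_text)
    for lo, hi in AFFECTED_RANGES:
        if lo <= v < hi:
            return ".".join(str(x) for x in hi)
    return None


def installed_version():
    """Read the version from gitlab-rake on an Omnibus host (assumption: run on the GitLab server)."""
    out = subprocess.run(
        ["sudo", "gitlab-rake", "gitlab:env:info"],
        capture_output=True, text=True, check=True,
    ).stdout
    for line in out.splitlines():
        if line.startswith("GitLab version"):
            return line.split(":", 1)[1].strip()
    raise RuntimeError("'GitLab version' line not found in gitlab:env:info output")


if __name__ == "__main__":
    current = installed_version()
    if is_vulnerable(current):
        print(f"{current}: VULNERABLE to CVE-2025-13335, upgrade to {fixed_version_for(current)}")
    else:
        print(f"{current}: not in an affected range")
```

Note that 18.6.4 is a fixed release but 18.7.0 and 18.7.1 are not, so a plain "is it newer than 18.6.4" check would give the wrong answer; the per-minor ranges are what matter.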

📡 Detection & Monitoring

Log Indicators:

  • In gitlab-rails/production_json.log: Wiki requests (paths containing /-/wikis) with 5xx status codes or unusually high duration_s values, clustered on one user or IP; and authentication logs showing newly created or rarely used accounts starting to write Wiki pages.

Network Indicators:

  • Increased HTTP requests to Wiki endpoints, especially POST requests for document creation or updates.

SIEM Query:

Splunk-style, using the field names GitLab emits in gitlab-rails/production_json.log (the 10-second duration threshold is a starting point to tune per instance):

source="*gitlab-rails/production_json.log" path="*/-/wikis*" (status>=500 OR duration_s>10) | stats count, values(path) by username, remote_ip
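To show what that query is actually doing, here is an added example (not GitLab code and not part of the original advisory) that runs the same logic over a few constructed lines in the shape of production_json.log: it keeps Wiki requests that returned a 5xx or ran longer than a threshold, and groups them by username so that one account hammering the Wiki stands out. The field names (method, path, status, duration_s, username, remote_ip, time) are those GitLab's JSON request log uses; the values, usernames and paths are invented for the example, and the thresholds are assumptions to tune.

```python
import json
from collections import defaultdict

# Constructed sample lines in the shape of gitlab-rails/production_json.log.
# "mallory" hits the Wiki repeatedly with 5xx responses and very long durations;
# "bob" gets a 500 on the issues endpoint, which is unrelated to this CVE.
SAMPLE_LOG = """
{"method":"GET","path":"/acme/app/-/wikis/home","status":200,"duration_s":0.12,"username":"alice","remote_ip":"10.0.0.5","time":"2026-01-22T10:00:01Z"}
{"method":"POST","path":"/acme/app/-/wikis","status":500,"duration_s":58.3,"username":"mallory","remote_ip":"10.0.0.9","time":"2026-01-22T10:00:05Z"}
{"method":"PUT","path":"/acme/app/-/wikis/loop","status":502,"duration_s":60.0,"username":"mallory","remote_ip":"10.0.0.9","time":"2026-01-22T10:00:07Z"}
{"method":"GET","path":"/acme/app/-/wikis/loop","status":200,"duration_s":45.1,"username":"mallory","remote_ip":"10.0.0.9","time":"2026-01-22T10:00:09Z"}
{"method":"POST","path":"/acme/app/-/issues","status":500,"duration_s":0.4,"username":"bob","remote_ip":"10.0.0.7","time":"2026-01-22T10:00:10Z"}
{"method":"GET","path":"/acme/app/-/wikis/home","status":200,"duration_s":0.09,"username":"bob","remote_ip":"10.0.0.7","time":"2026-01-22T10:00:11Z"}
not json at all, as happens with partially written lines
"""

WIKI_MARKER = "/-/wikis"   # Wiki routes live under /<namespace>/<project>/-/wikis
SLOW_SECONDS = 10.0        # assumption: tune to your instance's normal Wiki latency
MIN_HITS = 2               # assumption: how many suspicious requests before a user is reported


def parse_log(text):
    """Yield parsed JSON entries, skipping blank or malformed lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entries.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return entries


def is_wiki_request(entry):
    return WIKI_MARKER in entry.get("path", "")


def is_suspicious(entry, slow_seconds=SLOW_SECONDS):
    """A Wiki request that failed server-side or took too long to serve."""
    if not is_wiki_request(entry):
        return False
    return entry.get("status", 0) >= 500 or float(entry.get("duration_s", 0.0)) >= slow_seconds


def suspicious_users(text, slow_seconds=SLOW_SECONDS, min_hits=MIN_HITS):
    """Group suspicious Wiki requests by username; return users at or above min_hits."""
    hits = defaultdict(list)
    for entry in parse_log(text):
        if is_suspicious(entry, slow_seconds):
            hits[entry.get("username", "<anonymous>")].append(entry)
    return {user: events for user, events in hits.items() if len(events) >= min_hits}


def summarize(text):
    """Human-readable one-liners per reported user, in the spirit of the stats clause above."""
    lines = []
    for user, events in sorted(suspicious_users(text).items()):
        ips = sorted({e.get("remote_ip", "?") for e in events})
        paths = sorted({e.get("path", "?") for e in events})
        lines.append(f"{user}: {len(events)} suspicious wiki requests from {','.join(ips)} on {', '.join(paths)}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_LOG):
        print(line)
```

Slow but successful (status 200) Wiki requests are kept on purpose: a document that defeats cycle detection can burn CPU long before anything returns a 5xx, so duration is often the earlier signal. In production, point parse_log at the rotated log files or feed the same predicate into your SIEM.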
