CVE-2025-14511 – An unauthenticated attacker can cause denial of... (How to Fix)

Q: What is the severity of CVE-2025-14511?

CVE-2025-14511 has a CVSS score of 7.5 (HIGH). An unauthenticated attacker can cause denial of service in GitLab by sending specially crafted files to the container registry event endpoint. This affects all GitLab CE/EE installations with vulnerable versions, potentially disrupting service availability.

📋 TL;DR

An unauthenticated attacker can cause denial of service in GitLab by sending specially crafted files to the container registry event endpoint. This affects all GitLab CE/EE installations with vulnerable versions, potentially disrupting service availability.

💻 Affected Systems

Products:

GitLab Community Edition
GitLab Enterprise Edition

Versions: 12.2 to 18.7.4, 18.8.0 to 18.8.4, 18.9.0

Operating Systems: All supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments with container registry enabled and exposed to network access.

📦 What is this software?

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

Gitlab by Gitlab

GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...

Learn more about Gitlab →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service unavailability for all GitLab users, disrupting development workflows, CI/CD pipelines, and container registry operations.

🟠

Likely Case

Temporary service degradation or outages affecting container registry functionality and related services.

🟢

If Mitigated

Minimal impact with proper network controls and rate limiting in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires sending crafted files to specific endpoint but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.7.5, 18.8.5, or 18.9.1

Vendor Advisory: https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/

Restart Required: Yes

Instructions:

1. Backup GitLab instance. 2. Update to patched version using package manager. 3. Restart GitLab services. 4. Verify update completed successfully.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict access to container registry endpoints to trusted IPs only

# Configure firewall rules to limit access to /api/v4/container_registry_event

Rate Limiting

linux

Implement rate limiting on container registry endpoints

# Configure nginx or load balancer rate limiting for vulnerable endpoints

🧯 If You Can't Patch

Implement strict network segmentation and firewall rules to limit access to GitLab container registry endpoints
Deploy WAF with DoS protection rules and monitor for abnormal traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check GitLab version against affected ranges: 12.2-18.7.4, 18.8.0-18.8.4, or 18.9.0

Check Version:

sudo gitlab-rake gitlab:env:info | grep 'GitLab version'

Verify Fix Applied:

Confirm GitLab version is 18.7.5+, 18.8.5+, or 18.9.1+

📡 Detection & Monitoring

Log Indicators:

High volume of requests to /api/v4/container_registry_event
Error logs showing malformed file processing failures
Increased resource utilization alerts

Network Indicators:

Unusual traffic patterns to container registry endpoints
Multiple connection attempts from single IPs
Large file uploads to registry event endpoint

SIEM Query:

source="gitlab" AND (uri_path="/api/v4/container_registry_event" AND status>=500) | stats count by src_ip

📊 Metadata

CVE ID: CVE-2025-14511

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-1284

Published: February 25, 2026

Last Updated: February 28, 2026

🔗 References

https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/ Release Notes,Vendor Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/583717 Broken Link
https://hackerone.com/reports/3452200 Permissions Required

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14511, you might also want to check these: