CVE-2025-4097
📋 TL;DR
This vulnerability in GitLab allows authenticated users to upload specially crafted images that cause a denial of service condition. It affects GitLab Community Edition and Enterprise Edition installations running vulnerable versions. The attack requires authentication but could disrupt GitLab service availability.
💻 Affected Systems
- GitLab Community Edition (releases prior to the patched versions 18.4.6, 18.5.4 and 18.6.2; see Fix & Mitigation)
- GitLab Enterprise Edition (same version ranges)
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
Learn more about Gitlab →
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability of GitLab instance, disrupting all Git operations, CI/CD pipelines, and collaboration features for all users.
Likely Case
Temporary service degradation or crashes affecting some users, requiring administrator intervention to restart services.
If Mitigated
Minimal impact with proper image upload restrictions and monitoring in place, allowing quick detection and response.
🎯 Exploit Status
Exploitation requires an authenticated account, which on instances with open registration means any user who can sign up. The CWE-770 classification (Allocation of Resources Without Limits or Throttling) indicates that processing a crafted image consumes CPU or memory without an upper bound, so a low-privileged user can likely trigger the condition with a handful of uploads rather than a sustained flood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.4.6, 18.5.4, or 18.6.2
Vendor Advisory: https://about.gitlab.com/releases/2025/12/10/patch-release-gitlab-18-6-2-released/
Restart Required: Yes
Instructions:
1. Back up your GitLab instance (for Omnibus installs: sudo gitlab-backup create, plus a copy of /etc/gitlab).
2. Update to GitLab 18.4.6, 18.5.4, or 18.6.2 depending on your current version track.
3. Restart GitLab services (Omnibus: sudo gitlab-ctl restart; the package upgrade normally does this for you).
4. Verify the update was successful (see How to Verify below).
🔧 Temporary Workarounds
Restrict image uploads
Lower the maximum attachment size (Admin Area > Settings > General > Account and limit) and limit which roles can attach files in projects that do not need it. A crafted image can be small, so size limits reduce the attack surface but do not close it.
# Configure in GitLab admin settings or via application configuration
Implement rate limiting
Enable GitLab's built-in user and IP rate limits (Admin Area > Settings > Network) or add rate limiting on the upload endpoints at the reverse proxy, so that one account cannot submit uploads faster than the workers can process them.
# Configure via web server (nginx/apache) or application-level rate limiting
🧯 If You Can't Patch
- Disable open registration and require approval for new accounts, so that exploitation needs an insider or a compromised account, and monitor upload activity per account
- Use WAF or reverse-proxy rules to size-cap and rate-limit upload requests and set worker memory and request timeouts; signature-based blocking of "malicious image patterns" is unreliable for this class of bug because the trigger is the image's internal structure, not a recognisable byte string
🔍 How to Verify
Check if Vulnerable:
Read the installed version from the /help page or the Admin Area dashboard, or on an Omnibus install by running: sudo gitlab-rake gitlab:env:info
Check Version:
sudo gitlab-rake gitlab:env:info | grep -A1 'GitLab information'
The version is on the "Version:" line of the "GitLab information" section; a grep for 'GitLab Version' matches nothing, and grepping for 'Version' alone also returns the Ruby, Gem, Redis and other component versions printed above it. On Omnibus, head -1 /opt/gitlab/version-manifest.txt gives the same answer.
Verify Fix Applied:
Confirm the reported version is 18.4.6, 18.5.4 or 18.6.2, or a later release on the same or a newer track, then confirm that attaching an image to an issue or merge request comment still succeeds.
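A version check that implements the rule above, written as an added example for this page (it is not GitLab tooling). It parses the "Version:" line of gitlab:env:info output, maps each minor track to its first fixed patch level, and, as an assumption this page does not state, treats tracks older than 18.4 as needing an upgrade because GitLab only backports fixes to its three newest minor releases. SAMPLE_ENV_INFO is constructed output, not captured from a real instance.

```python
"""Classify a GitLab version against the CVE-2025-4097 patch releases
(18.4.6, 18.5.4, 18.6.2).  Added example for this page, not GitLab tooling.
Assumption: GitLab backports only to the three newest minor tracks, so a
version on an older track (e.g. 18.3.x) is reported as vulnerable (upgrade
needed) rather than as fixed."""
import re
import subprocess

# Per minor track: the first patch level that contains the fix.
FIXED_PATCH = {(18, 4): 6, (18, 5): 4, (18, 6): 2}
NEWEST_PATCHED_TRACK = max(FIXED_PATCH)  # (18, 6); later tracks ship fixed

# Constructed sample of `gitlab-rake gitlab:env:info` output (not real).
SAMPLE_ENV_INFO = (
    "System information\n"
    "Ruby Version:\t3.2.5\n"
    "Redis Version:\t7.0.15\n"
    "\n"
    "GitLab information\n"
    "Version:\t18.6.2-ee\n"
    "Revision:\tabc1234\n"
)


def gitlab_section(env_info_output):
    """Keep only the 'GitLab information' section, so the Ruby/Redis versions
    printed above it are not mistaken for GitLab's own version."""
    return env_info_output.split("GitLab information", 1)[-1]


def parse_version(text):
    """Return (major, minor, patch) from text such as 'Version:\\t18.6.1-ee'
    or the first line of /opt/gitlab/version-manifest.txt ('gitlab-ee 18.6.1').
    The first MAJOR.MINOR.PATCH in the text wins, so pass a narrowed section."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no MAJOR.MINOR.PATCH found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_fixed(version):
    major, minor, patch = version
    track = (major, minor)
    if track in FIXED_PATCH:
        return patch >= FIXED_PATCH[track]
    # 18.7+ and 19.x were released after the fix; anything older than 18.4
    # is outside the vendor's patch window and must be upgraded (assumption).
    return track > NEWEST_PATCHED_TRACK


def assess(text):
    """Map version text to ('fixed' | 'vulnerable', (major, minor, patch))."""
    version = parse_version(text)
    return ("fixed" if is_fixed(version) else "vulnerable", version)


def installed_version_text():
    """Run the page's own check command on an Omnibus install."""
    out = subprocess.run(
        ["sudo", "gitlab-rake", "gitlab:env:info"],
        capture_output=True, text=True, check=True,
    ).stdout
    return gitlab_section(out)


if __name__ == "__main__":
    status, v = assess(installed_version_text())
    print(f"GitLab {'.'.join(map(str, v))}: {status}")
```

The section split matters: run against the whole gitlab:env:info output, the regex would return the Ruby version (3.2.5 in the constructed sample) and report a stale instance as fixed.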
📡 Detection & Monitoring
Log Indicators:
- Repeated upload POSTs from a single account within a short window
- Upload requests in production_json.log with unusually high cpu_s or duration_s, or ending in a 5xx status or timeout
- Puma or Sidekiq worker restarts and out-of-memory messages shortly after image uploads
Network Indicators:
- Spike in POST requests to image upload endpoints from one account or IP
- Large file uploads to GitLab image endpoints (a crafted image need not be large, so size alone is a weak signal)
SIEM Query:
source="gitlab" method=POST path="*/uploads" (status>=500 OR cpu_s>10 OR duration_s>30)
Adapt field names to your log source; method, path, status, cpu_s and duration_s are fields of GitLab's production_json.log. Filtering on request size alone (for example size>10000000) would miss a small crafted image, so pair any size threshold with CPU, duration and error-status conditions.
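The two indicator rules above run over log lines, as an added example for this page (not GitLab code). Field names (time, method, path, status, duration_s, cpu_s, username, remote_ip) follow GitLab's production_json.log; the sample records are constructed, and the thresholds (20 uploads per 60 s, 10 CPU-seconds per request) are illustrative starting points rather than vendor guidance. Only paths ending in /uploads (markdown attachments and the /api/v4/projects/:id/uploads endpoint) are matched; avatar and project-icon form posts use other paths and would need to be added.

```python
"""Detect upload-abuse indicators in GitLab production_json.log records:
(1) a single upload POST that burned lots of CPU or failed server-side,
(2) a burst of upload POSTs from one actor inside a sliding window.
Added example for this page, not GitLab code; field names follow
production_json.log, sample records are constructed, thresholds illustrative."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Markdown attachments (/<group>/<project>/uploads) and the REST endpoint
# (/api/v4/projects/:id/uploads) both end in /uploads.  Downloads of stored
# attachments have a longer path and are GETs, so they do not match.
UPLOAD_PATH = re.compile(r"/uploads/?$")
WINDOW_S = 60                # sliding window for the burst rule
MAX_UPLOADS_PER_WINDOW = 20  # illustrative; tune to your instance
CPU_S_THRESHOLD = 10.0       # normal image processing is sub-second


def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def is_upload_post(ev):
    return ev.get("method") == "POST" and UPLOAD_PATH.search(ev.get("path", "")) is not None


def detect(lines, window_s=WINDOW_S, max_per_window=MAX_UPLOADS_PER_WINDOW,
           cpu_threshold=CPU_S_THRESHOLD):
    """Return alert dicts; `lines` are JSON records in time order."""
    alerts = []
    recent = defaultdict(deque)  # actor -> timestamps of recent upload POSTs
    burst_reported = set()
    for raw in lines:
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if not is_upload_post(ev):
            continue
        actor = ev.get("username") or ev.get("remote_ip") or "unknown"
        t = parse_time(ev["time"])

        # Rule 1: one expensive or server-failing upload (crafted image).
        if ev.get("cpu_s", 0.0) >= cpu_threshold or ev.get("status", 0) >= 500:
            alerts.append({"rule": "expensive_upload", "actor": actor,
                           "path": ev["path"], "cpu_s": ev.get("cpu_s"),
                           "status": ev.get("status")})

        # Rule 2: too many upload POSTs from one actor in the window.
        q = recent[actor]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_per_window and actor not in burst_reported:
            burst_reported.add(actor)
            alerts.append({"rule": "upload_burst", "actor": actor,
                           "count": len(q), "window_s": window_s})
    return alerts


def constructed_sample():
    """Synthetic production_json.log lines (constructed, not real output)."""
    base = datetime(2025, 12, 11, 9, 0, 0, tzinfo=timezone.utc)

    def rec(offset_s, user, method, path, status, cpu_s):
        return json.dumps({
            "time": (base + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%S.000Z"),
            "method": method, "path": path, "status": status,
            "duration_s": round(cpu_s + 0.05, 3), "cpu_s": cpu_s,
            "username": user, "remote_ip": "203.0.113.10",
        })

    lines = [
        rec(0, "bob", "POST", "/acme/web/uploads", 200, 0.4),                 # benign upload
        rec(5, "alice", "POST", "/api/v4/projects/42/uploads", 500, 47.3),    # one crafted image
        rec(6, "carol", "GET", "/acme/web/uploads/abc123/logo.png", 200, 0.01),  # download, ignored
        rec(7, "dave", "POST", "/acme/web/-/issues", 302, 0.2),              # not an upload
    ]
    # 25 uploads in 25 seconds from a single account
    lines += [rec(10 + i, "mallory", "POST", "/acme/web/uploads", 200, 0.5) for i in range(25)]
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_sample()):
        print(alert)
```

Rule 1 is the one that catches this CVE in practice: a single small, crafted image shows up as a request with abnormal cpu_s or a 5xx, which a request-size filter would never see. Rule 2 is the supporting signal for an attacker who needs several attempts.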