HIGH SeverityCVSS 3.17.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2025-14869

Last updated May 14, 2026 · Published May 14, 2026

Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints.

Affected products

1 listed

GitLab:GitLab

Mappings

CWE

CWE-1284

CAPEC

None listed.

Guides

Rate Limiting in Node.jsPatterns for APIs, login endpoints, and abuse control.

Training

Input Validation and Schema EnforcementValidate early, validate strictly - schemas, allowlists, and type-safe boundaries.
API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.

CVE-2025-14869

Description

Affected products

Mappings

Related