CVE-2025-1250

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1250

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1250.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-1250

Aliases

BIT-gitlab-2025-1250

Published

2025-09-12T06:15:42Z

Modified

2025-09-16T09:44:29.534272Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/519335
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
https://hackerone.com/reports/2903896

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

3b397c1753233301037d0ca3caae23ce116505d3

Fixed

f2e9bb529ea308547c5cf059bbb25aaf7adf96be