CVE-2025-2256

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-2256

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2256.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-2256

Aliases

BIT-gitlab-2025-2256

Published

2025-09-12T06:15:42Z

Modified

2025-09-16T09:44:29.602339Z

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/524633
https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/
https://hackerone.com/reports/3019485

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

ceb5083318f50aca486b71044b72c6ee1d1a4c3a

Fixed

f2e9bb529ea308547c5cf059bbb25aaf7adf96be