CVE-2025-0639: Allocation of Resources Without Limits or Throttling in GitLab
First published: Thu Apr 24 2025(Updated: )
An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >16.7<17.9.7 | |
| GitLab Enterprise Edition | >17.10<17.10.5 | |
| GitLab Enterprise Edition | >17.11<17.11.1 |
Remedy
Upgrade to versions 17.9.7, 17.10.5, 17.11.1 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0639?
CVE-2025-0639 is classified as affecting service availability in certain versions of GitLab CE/EE.
How do I fix CVE-2025-0639?
To mitigate CVE-2025-0639, update GitLab CE/EE to versions 17.9.7 or later, 17.10.5 or later, or 17.11.1 or later.
Which versions are vulnerable to CVE-2025-0639?
CVE-2025-0639 affects GitLab CE versions from 16.7 to before 17.9.7, and GitLab EE versions from 17.10 to before 17.10.5 and from 17.11 to before 17.11.1.
What type of issue is described in CVE-2025-0639?
CVE-2025-0639 describes an issue affecting service availability via issue preview in GitLab.
Is CVE-2025-0639 an issue in both GitLab CE and EE?
Yes, CVE-2025-0639 impacts both GitLab Community Edition (CE) and GitLab Enterprise Edition (EE).
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/source
- agent/last-modified-date
- agent/severity
- agent/author
- agent/tags
- agent/event
- vendor/gitlab
- canonical/gitlab
- canonical/gitlab enterprise edition