GitLab, a leading DevOps platform, has released urgent patch updates—versions 18.0.1, 17.11.3, and 17.10.7—for both its Community Edition (CE) and Enterprise Edition (EE), addressing a suite of critical vulnerabilities that could expose organizations to denial-of-service (DoS) attacks, authentication bypasses, and sensitive data leaks.
The most severe issue, tracked as CVE-2025-0993, allows authenticated attackers to exploit an unprotected large blob endpoint, potentially exhausting server resources and causing prolonged downtime.
This vulnerability carries a CVSS v3.1 score of 7.5, reflecting its high risk to system availability.
The coordinated release underscores the increasing complexity and threat landscape facing DevOps platforms, as attackers leverage resource exhaustion and privilege escalation vectors to destabilize critical infrastructure.
GitLab’s security team confirmed that all deployment models—including omnibus, source code, and helm chart installations—are affected and must be updated immediately.
Technical Breakdown: Key Vulnerabilities and Mitigations
The patch release addresses a total of eleven vulnerabilities, spanning high, medium, and low severity.
Notable technical issues include:
- CVE-2025-0993 (High): Unprotected large blob endpoint allows authenticated users to trigger a DoS by submitting oversized data payloads, overwhelming server resources.
- CVE-2025-3111 (Medium): Inadequate input validation in Kubernetes integration enables unbounded cluster token generation, exposing clusters to DoS attacks.
- CVE-2025-2853 (Medium): Unvalidated note positions could be exploited to disrupt service availability.
- CVE-2024-12093 (Medium): Improper XPath validation in SAML authentication permits bypassing two-factor authentication (2FA) under certain conditions.
- CVE-2025-4979 (Medium): Attackers could reveal masked or hidden CI/CD variables in the WebUI by manipulating HTTP responses.
- CVE-2025-0605 (Medium): Group access controls could be abused to bypass 2FA requirements.
- CVE-2025-0679 (Medium): Under specific scenarios, unauthorized users could view full email addresses that should be partially obscured.
- CVE-2024-9163 (Low): Branch name confusion in confidential merge requests (MRs) due to a business logic error.
- CVE-2025-1110 (Low): Unauthorized access to job data via a crafted GraphQL query.
Most of these vulnerabilities were identified through GitLab’s HackerOne bug bounty program, highlighting the value of coordinated disclosure and external security research.
Upgrade Protocols and Best Practices for DevSecOps Teams
GitLab strongly recommends that all self-managed installations upgrade to the latest patch release without delay.
While GitLab.com and GitLab Dedicated customers are already protected, on-premises users must act to mitigate risk.
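A quick way for a self-managed administrator to confirm the instance is on or above the fixed release for its branch (18.0.1, 17.11.3 or 17.10.7, as listed above). This is an added example, not GitLab's own tooling: the version comparison works offline on a version string, and the optional `fetch_version` helper queries GitLab's real `GET /api/v4/version` endpoint, which requires a personal access token (the `GITLAB_URL` and `GITLAB_TOKEN` values are assumed placeholders).

```python
"""Check a self-managed GitLab version against the fixed releases named in the
advisory (18.0.1, 17.11.3, 17.10.7). Added example; not part of GitLab itself."""
import json
import os
import urllib.request
from typing import Optional, Tuple

# Fixed releases from the advisory, keyed by (major, minor) release branch.
FIXED_RELEASES = {
    (18, 0): (18, 0, 1),
    (17, 11): (17, 11, 3),
    (17, 10): (17, 10, 7),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """Parse 'X.Y.Z' (with an optional '-ee' / '-ce' suffix) into an int tuple."""
    core = version.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_patched(version: str) -> Optional[bool]:
    """True if the version is at or above its branch's fixed release, False if
    it is older, None if the branch is not one of the three the advisory covers
    (check those against the advisory's affected-version ranges separately)."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


def fetch_version(base_url: str, token: str) -> str:
    """Read the running version from GitLab's GET /api/v4/version endpoint.
    Network call; requires a token with at least read_api scope (assumed)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["version"]


if __name__ == "__main__":
    # Constructed sample versions; replace with fetch_version(...) for a live check.
    for sample in ("18.0.0-ee", "18.0.1-ee", "17.11.2-ce", "17.10.7-ee", "16.11.5-ce"):
        state = is_patched(sample)
        label = {True: "patched", False: "VULNERABLE", None: "outside advisory branches"}[state]
        print(f"{sample:<12} {label}")
    if os.environ.get("GITLAB_URL") and os.environ.get("GITLAB_TOKEN"):
        live = fetch_version(os.environ["GITLAB_URL"], os.environ["GITLAB_TOKEN"])
        print(f"live instance {live}: {is_patched(live)}")
```

Versions below 17.10 return `None` rather than `False` because the advisory text on this page does not state an affected-version floor; treat them as unsupported and consult the advisory's own ranges.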
Security teams are advised to:
- Review and update Kubernetes cluster configurations and webhook integrations.
- Audit SAML and CI/CD variable permissions.
- Implement outbound allowlists for SSRF (Server-Side Request Forgery) protection.
- Validate container images using FIPS-compliant builds and update runner configurations in tandem with core platform upgrades.
The patch release also includes infrastructure improvements, such as Elasticsearch query optimizations and Nginx module version alignment, to enhance overall system resilience.
With DevOps platforms increasingly targeted by sophisticated attacks, GitLab’s comprehensive remediation effort highlights the necessity of continuous vulnerability management and rapid patch adoption in modern software supply chains.
Sample Configuration Update for SSRF Protection:

```yaml
ssrf_protection:
  outbound_allowlist:
    - https://trusted-api.example.com
    - https://internal-service.local
```

CI/CD Variable Masking Example:

```yaml
variables:
  SECRET_TOKEN:
    value: "s3cr3t"
    masked: true
```
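Masking only works if the value satisfies GitLab's masking rules; a value that does not (for instance a six-character string such as the sample above) is rejected when you try to save it as masked, and a team that does not check this ends up with an unmasked secret in job logs. The following added example (not GitLab's code) validates a value against the documented rules as understood here (single line, at least 8 characters, only RFC 4648 Base64 characters plus `@`, `:`, `.`, `~`; this character set is an assumption to confirm against your version's docs) and, if it passes, builds the payload for GitLab's real `POST /projects/:id/variables` API. The project id, URL and token are assumed placeholders.

```python
"""Pre-flight check for GitLab masked CI/CD variables. Added example, not
GitLab's own code. Rule set below is an assumption drawn from the documented
masking requirements; confirm against the docs for your GitLab version."""
import json
import re
import urllib.request
from typing import Dict, List

# Base64 alphabet (both the '+/' and '-_' variants of RFC 4648), '=' padding,
# and the extra characters GitLab permits: '@', ':', '.', '~'.
_MASKABLE_CHARS = re.compile(r"\A[A-Za-z0-9+/\-_=@:.~]+\Z")
_MIN_LENGTH = 8


def masking_problems(value: str) -> List[str]:
    """Return an empty list if the value can be masked, else the reasons why not."""
    problems = []
    if "\n" in value or "\r" in value:
        problems.append("value must be a single line")
    if len(value) < _MIN_LENGTH:
        problems.append(f"value must be at least {_MIN_LENGTH} characters")
    if not _MASKABLE_CHARS.match(value):
        problems.append("value contains characters outside the permitted set "
                        "(Base64 alphabet plus @ : . ~; no whitespace)")
    return problems


def build_variable_payload(key: str, value: str, protected: bool = True) -> Dict:
    """Build the JSON body for POST /projects/:id/variables with masked=True.
    Raises ValueError instead of creating an unmaskable secret."""
    problems = masking_problems(value)
    if problems:
        raise ValueError(f"{key!r} cannot be masked: " + "; ".join(problems))
    return {
        "key": key,
        "value": value,
        "masked": True,
        "protected": protected,
        "variable_type": "env_var",
    }


def create_variable(base_url: str, token: str, project_id: int, payload: Dict) -> Dict:
    """Send the payload to GitLab's project variables API (network call)."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/projects/{project_id}/variables",
        data=json.dumps(payload).encode(),
        headers={"PRIVATE-TOKEN": token, "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed sample values; "s3cr3t" mirrors the page's YAML sample.
    for candidate in ("s3cr3t", "s3cr3t token", "Sup3rS3cretValue", "glpat-PLACEHOLDER-token"):
        issues = masking_problems(candidate)
        print(f"{candidate!r:<28} {'maskable' if not issues else '; '.join(issues)}")
    payload = build_variable_payload("SECRET_TOKEN", "Sup3rS3cretValue")
    print(json.dumps(payload, indent=2))
```

Run the check in the pipeline that provisions variables (or as a pre-commit hook on infrastructure-as-code that feeds the API), so an unmaskable value fails loudly before it is ever echoed into a job log.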
By following these protocols and applying the latest patches, organizations can significantly reduce their exposure to evolving security threats within the DevOps ecosystem.