CVE-2025-2934

low-risk

Published 2025-10-09

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 5.2 prior to 18.2.8, 18.3 prior to 18.3.4, and 18.4 prior to 18.4.2 that could have allowed an authenticated attacker to create a denial of service condition by configuring malicious webhook endpoints that send crafted HTTP responses.

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (2)

Gitlab

Affected Vendors

Gitlab

References (3)

Release Notes https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-release...

Broken Link https://gitlab.com/gitlab-org/gitlab/-/issues/528979

Permissions Required https://hackerone.com/reports/3058791

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low