In GitLab CE/EE versions 11.10 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a high severity vulnerability CVE-2025-12562 was detected. This vulnerability allows unauthenticated users to cause a denial-of-service condition by sending crafted GraphQL queries that bypass query complexity limits, leading to uncontrolled resource consumption. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-12562.
Read more Developer Tools
In GitLab CE/EE versions 17.5 through 18.4.5, 18.5 through 18.5.3, and 18.6 through 18.6.1 a medium severity vulnerability CVE-2025-13978 was detected. This vulnerability allows authenticated users to obtain the names of private projects they do not have access to via API error messages, potentially exposing sensitive project information. To address this issue, users should upgrade GitLab CE/EE to versions 18.4.6, 18.5.4 or 18.6.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13978.
Read more Developer Tools