CVE-2025-12983: 
GitLab 脆弱性の分析と軽減

GitLab has identified a low-severity vulnerability (CVE-2025-12983) affecting both Community Edition (CE) and Enterprise Edition (EE). The vulnerability was discovered in GitLab's markdown processing functionality and affects all versions from 16.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2. The issue was reported through GitLab's HackerOne bug bounty program by security researcher phli (GitLab Release).

The vulnerability is characterized by a denial of service condition that can be triggered through specially crafted markdown content containing nested formatting patterns. The severity of this vulnerability has been assessed with a CVSS score of 3.1 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L), indicating a low-severity issue requiring network access and authenticated user privileges to exploit (GitLab Release).

When successfully exploited, the vulnerability allows an authenticated user to cause a denial of service condition in the GitLab instance by submitting markdown content with specific nested formatting patterns. This could potentially affect the availability of the markdown rendering service (GitLab Release).

GitLab has released patches for this vulnerability in versions 18.5.2, 18.4.4, and 18.3.6. Organizations running affected versions are strongly recommended to upgrade to the patched versions immediately. GitLab.com has already been updated with the necessary patches, and GitLab Dedicated customers do not need to take any action (GitLab Release).

The vulnerability has been acknowledged as part of a larger security update that included multiple security fixes. Security researchers and industry professionals have noted this as a relatively low-risk vulnerability compared to other issues patched in the same release (Security Online).