CVE-2025-1257: 
GitLab vulnerability analysis and mitigation

An issue was discovered in GitLab Enterprise Edition (EE) affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. The vulnerability allows an attacker to cause a denial of service condition by manipulating specific API inputs (GitLab Release, NVD Database).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue is related to the CWE-770 (Allocation of Resources Without Limits or Throttling) weakness type, which indicates the vulnerability stems from improper resource management (NVD Database).

When exploited, this vulnerability can result in a denial of service condition, potentially affecting the availability of GitLab instances. The attack specifically targets the system through API inputs, which can lead to service disruption (GitLab Release).

GitLab has released patches in versions 17.7.7, 17.8.5, and 17.9.2 to address this vulnerability. It is strongly recommended that all affected installations upgrade to the latest version as soon as possible. GitLab.com is already running the patched version (GitLab Release).

The vulnerability was responsibly disclosed through GitLab's HackerOne bug bounty program by security researcher 'pwnie'. GitLab has acknowledged and thanked the researcher for their contribution to platform security (GitLab Release, Security Online).