Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
High

GitLab CE/EE Event Collection Denial of Service

IdentifiersCVE-2025-10497CWE-770· Allocation of Resources Without…

CVE-2025-10497 is a denial-of-service vulnerability in the event collection subsystem of GitLab Community Edition and Enterprise Edition. According to the provided content, affected versions are GitLab CE/EE 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1. The flaw is described as insufficient validation of incoming payloads to the event collection endpoint, allowing an unauthenticated remote attacker to send specially crafted payloads that trigger excessive resource allocation and resource exhaustion. The issue is characterized in the content as CWE-770 and impacts availability by causing the GitLab instance to become unresponsive or unavailable.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows an unauthenticated attacker to cause a denial-of-service condition against a vulnerable GitLab instance. The attack can exhaust CPU, memory, or other system resources and render the service unavailable. Based on the provided content, the impact is limited to availability, with no indication of confidentiality or integrity compromise.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce exposure of the vulnerable event collection functionality to untrusted networks where feasible, and apply compensating controls such as request filtering and rate limiting in front of GitLab to restrict abusive payload submission. Prioritize limiting unauthenticated network access paths to the affected endpoint until patched. Specific temporary mitigations beyond validation and rate limiting were not provided in the content.

Remediation

Patch, then assume compromise.

Upgrade GitLab Community Edition or Enterprise Edition to a fixed release. The provided content states that GitLab remediated the issue in versions 18.3.5, 18.4.3, and 18.5.1. The fix reportedly includes enhanced validation of event collection payloads and rate limiting to prevent crafted requests from exhausting resources.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
GitLabGitlabapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

5 SOURCESView more in app
zeropath blogNews
Oct 28, 2025
GitLab Runner API Improper Access Control (CVE-2025-11702): Brief Summary and Patch Review - ZeroPath Blog | ZeroPath

A denial-of-service vulnerability in GitLab event collection where unauthenticated users could send crafted payloads to disrupt service.

Read more
the hacker newsNews
Oct 27, 2025
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

A vulnerability listed as trending; no technical details provided in the content.

Read more
zeropath blogNews
Oct 26, 2025
GitLab CVE-2025-10497: Brief Summary of Denial of Service in Event Collection - ZeroPath Blog | ZeroPath

A denial of service vulnerability in GitLab Community Edition and Enterprise Edition event collection subsystem that allows unauthenticated remote attackers to trigger excessive resource allocation and cause service unavailability.

Read more
zeropath blogNews
Oct 26, 2025
GitLab GraphQL JSON DoS (CVE-2025-11447): Brief Summary and Patch Guidance - ZeroPath Blog | ZeroPath

A previously addressed GitLab vulnerability affecting event collection; no further technical details are provided in the content.

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity1

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-10497
NVD
nvd.nist.gov/vuln/detail/CVE-2025-10497
MITRE CWE · CWE-770
Allocation of Resources Without Limits or…
Vendor Advisory
about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released
Permissions Required
hackerone.com/reports/3338151