An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.
Fixes

Solution

Upgrade to versions 18.0.6, 18.1.4, 18.2.2 or above.


Workaround

No workaround given by the vendor.

History

Fri, 15 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Wed, 13 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
Description An issue has been discovered in GitLab CE/EE affecting all versions from 13.2 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to create a denial of service condition by sending specially crafted markdown payloads to the Wiki feature.
Title Inefficient Regular Expression Complexity in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-1333
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2025-08-13T20:03:48.370Z

Reserved: 2025-03-28T17:30:48.808Z

Link: CVE-2025-2937

cve-icon Vulnrichment

Updated: 2025-08-13T20:03:35.904Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-13T18:15:31.010

Modified: 2025-08-15T16:31:10.727

Link: CVE-2025-2937

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.