Severity
Medium
Analysis Summary
CVE-2025-2867 CVSS:4.4
GitLab could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in AI-assisted development features.
CVE-2024-10307 CVSS:4.3
GitLab is vulnerable to a denial of service, caused by uncontrolled CPU consumption when viewing the associated merge request.
Impact
- Code Execution
- Denial of Service
Indicators of Compromise
CVE
CVE-2025-2867
CVE-2024-10307
Affected Vendors
- GitLab
Affected Products
- GitLab - 17.9
- GitLab - 17.8.5
- GitLab - 17.9.2
- GitLab - 17.10
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.