Severity
High
Analysis Summary
CVE-2025-11340 CVSS:7.7
GitLab could allow a remote authenticated attacker to bypass security restrictions, caused by incorrect authorization.
CVE-2025-10004 CVSS:7.5
GitLab is vulnerable to a denial of service, caused by allocation of resources without limits or throttling.
Impact
- Security Bypass
- Denial of Service
Indicators of Compromise
CVE
CVE-2025-11340
CVE-2025-10004
Affected Vendors
- GitLab
Affected Products
- GitLab 18.3
- GitLab 18.4
- GitLab 13.12
Remediation
Upgrade to the latest version of GitLab, available from the GitLab Website.