CVE-2025-14869

High

Published: 14 May 2026

Published

14 May 2026

Modified

14 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0003 8.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-14869 is a high-severity Improper Validation of Specified Quantity in Input (CWE-1284) vulnerability in Gitlab (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, ranked at the 8.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on…

certain API endpoints.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-1284

Affected Products

Gitlab

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://about.gitlab.com/releases/2026/05/13/patch-release-gitlab-18-11-3-released/
cve@gitlab.com
https://gitlab.com/gitlab-org/gitlab/-/work_items/584489
cve@gitlab.com
https://hackerone.com/reports/3447146
cve@gitlab.com