GitLab DoS Vulnerability (CVE-2025-14869) Impacts Unauthenticated Users
The National Vulnerability Database has detailed CVE-2025-14869, a high-severity denial-of-service (DoS) vulnerability in GitLab CE/EE. This flaw, with a CVSS score of 7.5, affects all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3.
Critically, an unauthenticated attacker could exploit this vulnerability by sending specially crafted payloads to specific API endpoints. This means no prior access or credentials are required, significantly lowering the bar for exploitation and increasing the risk for public-facing GitLab instances.
While the National Vulnerability Database does not specify affected products beyond GitLab CE/EE, the impact of a DoS attack can be severe, disrupting development pipelines, code repositories, and collaboration workflows. Organizations relying on GitLab for critical operations must prioritize patching.
What This Means For You
- If your organization uses GitLab CE/EE, immediately verify your version and apply the latest patches to mitigate CVE-2025-14869. An unauthenticated DoS is a direct threat to your operational continuity and development velocity. Don't wait for an incident.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
GitLab Unauthenticated DoS via API - CVE-2025-14869
title: GitLab Unauthenticated DoS via API - CVE-2025-14869
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
Detects potential exploitation of CVE-2025-14869 by looking for POST requests to GitLab API endpoints that result in a 500 Internal Server Error, indicative of a denial of service condition caused by specially crafted payloads.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-14869/
tags:
- attack.impact
- attack.t1499
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/api/v4/'
cs-method|exact:
- 'POST'
sc-status|exact:
- '500'
cs-uri-query|contains:
- 'error'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-14869 | DoS | GitLab CE/EE versions from 18.5 before 18.9.7 |
| CVE-2025-14869 | DoS | GitLab CE/EE versions from 18.10 before 18.10.6 |
| CVE-2025-14869 | DoS | GitLab CE/EE versions from 18.11 before 18.11.3 |
| CVE-2025-14869 | DoS | Unauthenticated DoS via specially crafted payloads on certain API endpoints |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 14, 2026 at 09:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-6670 — Path Traversal
CVE-2026-6670 — The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and...
CVE-2026-6510: Critical Privilege Escalation in InfusedWoo Pro WordPress Plugin
CVE-2026-6510 — The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This...
InfusedWoo Pro Plugin Privilege Escalation (CVE-2026-6506)
CVE-2026-6506 — The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due to...