CVE-2024-4025 Inefficient Regular Expression Complexity in GitLab

🗓️ 20 Jun 2025 18:14:33Reported by GitLabType

Denial of Service vulnerability in GitLab versions due to inefficient regular expression complexity.

Reporter	Title	Published	Views	Family All 15
FreeBSD	Gitlab -- Vulnerabilities	26 Jun 202400:00	–	freebsd
Circl	CVE-2024-4025	20 Jun 202518:42	–	circl
CVE	CVE-2024-4025	20 Jun 202518:14	–	cve
Debian CVE	CVE-2024-4025	20 Jun 202518:14	–	debiancve
EUVD	EUVD-2024-32591	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Gitlab -- Vulnerabilities (589de937-343f-11ef-8a7b-001b217b3468)	27 Jun 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2024-4025	27 Aug 202500:00	–	nessus
NVD	CVE-2024-4025	20 Jun 202519:15	–	nvd
OSV	BIT-GITLAB-2024-4025 Inefficient Regular Expression Complexity in GitLab	24 Jun 202515:12	–	osv
OSV	CVE-2024-4025 Inefficient Regular Expression Complexity in GitLab	20 Jun 202518:14	–	osv

[
  {
    "vendor": "GitLab",
    "product": "GitLab",
    "repo": "git://[email protected]:gitlab-org/gitlab.git",
    "cpes": [
      "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
    ],
    "versions": [
      {
        "version": "7.10",
        "status": "affected",
        "lessThan": "16.11.5",
        "versionType": "semver"
      },
      {
        "version": "17.0",
        "status": "affected",
        "lessThan": "17.0.3",
        "versionType": "semver"
      },
      {
        "version": "17.1",
        "status": "affected",
        "lessThan": "17.1.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2024974
gitlab	www.gitlab.com/gitlab-org/gitlab/-/issues/457474

20 Jun 2025 18:14Current

CVSS 3.16.5

EPSS0.00199

CWE-1333