GitLab has released versions 18.5.1, 18.4.3, and 18.3.5 for both Community Edition (CE) and Enterprise Edition (EE) to address multiple vulnerabilities — including two high-severity flaws that could allow project runner hijacking and denial-of-service (DoS) attacks.
Users are strongly advised to upgrade immediately, as these issues affect multiple recent versions of GitLab and could be weaponized in active deployments.
The most severe issue, CVE-2025-11702 (CVSS 8.5), is an improper access control vulnerability in the runner API that could allow an authenticated user with specific permissions to hijack project runners from other projects within the same GitLab instance.
“GitLab has remediated an issue that could have allowed an authenticated user with specific permissions to hijack project runners from other projects,” the advisory explains.
If exploited, this flaw could allow attackers to gain control over build infrastructure, intercept CI/CD secrets, or inject malicious code into automated pipelines — a critical risk for enterprises running shared runners across multiple projects.
The advisory also addresses three separate Denial of Service (DoS) vulnerabilities affecting GitLab CE and EE that could be exploited by unauthenticated users. DoS attacks aim to make a service unavailable to legitimate users, representing a major risk to service continuity and availability.
The DoS flaws include:
- CVE-2025-10497 (CVSS 7.5): An unauthenticated user could cause a denial of service condition by sending specially crafted payloads during event collection. Impacted versions include those from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1.
- CVE-2025-11447 (CVSS 7.5): This vulnerability allowed an unauthenticated user to trigger a denial of service by sending GraphQL requests containing crafted JSON payloads during the JSON validation process. Versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 were affected.
- CVE-2025-11974 (CVSS 6.5): An unauthenticated user could create a denial of service condition by uploading large files to specific API endpoints. The impacted versions span a wide range, from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1.
Several other vulnerabilities were addressed, including:
- CVE-2025-11971 (CVSS 6.5): An Incorrect Authorization issue in pipeline builds in GitLab CE/EE that allowed an authenticated user to trigger unauthorized pipeline executions through commit manipulation.
- CVE-2025-6601 (CVSS 3.8): A business logic error in group memberships in GitLab EE that, under specific conditions, could allow authenticated users to gain unauthorized project access by exploiting the access request approval workflow.
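The practical question for an administrator is whether a given instance is on a patched release. The script below is an added example, not GitLab's code or part of the advisory: it encodes the three fixed releases (18.5.1, 18.4.3, 18.3.5) and the affected-version lower bounds the article gives for the three DoS issues, then reports which of the listed CVEs still apply to a version string such as `18.4.2-ee`. The article does not state lower bounds for CVE-2025-11702, CVE-2025-11971 and CVE-2025-6601, so the script assumes those apply to any unpatched version; it also assumes that branches newer than 18.5 carry the fixes. The `GET /api/v4/version` endpoint is a real GitLab API call, but the URL and token used with it are placeholders.

```python
"""Check a GitLab version against the 18.5.1 / 18.4.3 / 18.3.5 advisory.

Added example, not GitLab's code. Version ranges come from the advisory
text; CVEs whose range the article omits are treated as affected on any
unpatched version (an assumption, see UNSPECIFIED_RANGE below).
"""
from __future__ import annotations

import json
import urllib.request

# Patched releases named in the advisory, one per maintained branch.
FIXED = ((18, 5, 1), (18, 4, 3), (18, 3, 5))

# Lowest affected version per CVE, as given in the advisory.
ADVISORY = {
    "CVE-2025-10497": (17, 10, 0),   # event collection DoS
    "CVE-2025-11447": (11, 0, 0),    # GraphQL JSON validation DoS
    "CVE-2025-11974": (11, 7, 0),    # large upload DoS
}

# ASSUMPTION: the article gives no lower bound for these, so any
# unpatched version is reported as affected.
UNSPECIFIED_RANGE = ("CVE-2025-11702", "CVE-2025-11971", "CVE-2025-6601")


def parse_version(text: str) -> tuple[int, int, int]:
    """'18.4.2-ee' -> (18, 4, 2); edition suffixes and extra fields are dropped."""
    core = text.split("-")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_fixed(version: tuple[int, int, int]) -> bool:
    """True when the version is at or past the patched release of its branch.

    Branches older than 18.3 received no patch, so they are never 'fixed'.
    ASSUMPTION: branches newer than 18.5 ship with the fixes included.
    """
    for fixed in FIXED:
        if version[:2] == fixed[:2]:
            return version >= fixed
    return version > FIXED[0]


def affected_cves(version_text: str) -> list[str]:
    """Return the advisory CVEs that still apply to the given version string."""
    version = parse_version(version_text)
    if is_fixed(version):
        return []
    hits = [cve for cve, lowest in ADVISORY.items() if version >= lowest]
    hits.extend(UNSPECIFIED_RANGE)
    return sorted(hits)


def fetch_version(base_url: str, token: str) -> str:
    """Read the running version via GET /api/v4/version (needs an API token).

    Network call; base_url and token are supplied by the caller.
    """
    request = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4/version",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return json.load(response)["version"]


if __name__ == "__main__":
    # Offline demonstration on constructed version strings; replace with
    # fetch_version("https://gitlab.example.invalid", "<placeholder-token>")
    # to check a live instance.
    for sample in ("18.4.2-ee", "18.4.3-ee", "17.9.0", "18.6.0"):
        print(sample, "->", affected_cves(sample) or "patched")
```

Run against the instance's reported version, an empty list means the instance is on or past the patched release for its branch; any other result is the list of advisory CVEs an upgrade to 18.5.1, 18.4.3 or 18.3.5 would close.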