
GitLab patches critical authentication bypass vulnerabilities

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) that fix nine vulnerabilities, among them two critical-severity authentication bypass flaws in the ruby-saml library.

All flaws are addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2; every earlier version is vulnerable.

GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, but users who maintain self-managed installations on their own infrastructure will need to apply the updates manually.
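For self-managed administrators, the first question is simply whether the running release is one of the fixed ones. The script below is an added example, not tooling from GitLab or from this article: it encodes the three fixed releases named in the bulletin (17.7.7, 17.8.5, 17.9.2), treats every older branch as vulnerable and every newer branch (17.10 and up) as shipping with the fix, and can optionally read the live version from the instance's `GET /api/v4/version` endpoint with a personal access token. The edition suffix GitLab appends to its version strings (`-ee`, `-ce`) is stripped before comparison; the sample version strings in the lead-in and the usage line are constructed for illustration.

```ruby
require "json"
require "net/http"
require "uri"

# Fixed releases from the bulletin, keyed by major.minor branch.
FIXED_RELEASES = {
  "17.7" => "17.7.7",
  "17.8" => "17.8.5",
  "17.9" => "17.9.2",
}.freeze

# Oldest release on any branch that carries the fix; anything below it has no
# patched release on its own branch and must move to a newer branch.
OLDEST_FIXED = "17.7.7"

# GitLab reports versions like "17.9.1-ee"; the edition suffix is irrelevant
# for comparison and would otherwise be read as a prerelease tag.
def normalize(version)
  Gem::Version.new(version.to_s.strip.sub(/-.*\z/, ""))
end

# true when the given version string includes the fixes from this bulletin.
def patched?(version)
  v = normalize(version)
  return false if v < normalize(OLDEST_FIXED)      # 17.6.x and older
  branch = v.segments[0, 2].join(".")
  fix = FIXED_RELEASES[branch]
  return true if fix.nil?                          # 17.10+ branches start past the fix
  v >= normalize(fix)                              # 17.7/17.8/17.9: compare to the fixed patch level
end

# Read the running version from the instance API. Requires a personal access
# token with the read_api scope. This is a network call and is not exercised
# when the file is loaded without arguments.
def instance_version(base_url, token)
  uri = URI.join(base_url, "/api/v4/version")
  req = Net::HTTP::Get.new(uri)
  req["PRIVATE-TOKEN"] = token
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == "https") do |http|
    http.request(req)
  end
  raise "version endpoint returned HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body).fetch("version")
end

# Usage: ruby check_gitlab_version.rb https://gitlab.example.com <token>
if __FILE__ == $PROGRAM_NAME && ARGV.length == 2
  ver = instance_version(ARGV[0], ARGV[1])
  puts "#{ver}: #{patched?(ver) ? 'patched' : 'VULNERABLE - upgrade now'}"
end
```

`patched?` can also be fed a version string copied from the admin area if the API is not reachable; the branch lookup is what makes 17.8.4 vulnerable while 17.8.5 and 17.10.0 are not.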

“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” warns the bulletin.

The two critical flaws GitLab addressed this time are CVE-2025-25291 and CVE-2025-25292, both in the ruby-saml library, which GitLab uses for SAML Single Sign-On (SSO) authentication at the instance or group level.

These vulnerabilities allow an authenticated attacker who holds a valid signed SAML document to impersonate another user within the same SAML Identity Provider (IdP) environment.


In practice, an attacker could gain unauthorized access to another user's account, leading to data exposure, privilege escalation, and further security risks.

GitHub discovered the ruby-saml bugs and has published a technical deep dive into the two flaws, noting that its own platform was not affected because it stopped using the ruby-saml library in 2014.

“GitHub doesn't currently use ruby-saml for authentication, but began evaluating the use of the library with the intention of using an open source library for SAML authentication once more,” explains GitHub's writeup.

“This library is, however, used in other popular projects and products. We discovered an exploitable instance of this vulnerability in GitLab, and have notified their security team so they can take necessary actions to protect their users against potential attacks.”

Of the remaining issues fixed by GitLab, one that stands out is a high-severity remote code execution flaw tracked as CVE-2025-27407.

The flaw allows an attacker-controlled authenticated user to abuse the Direct Transfer feature, which is disabled by default, to achieve remote code execution.


The remaining issues are low- to medium-severity problems covering denial of service (DoS), credential exposure, and shell code injection, all of which require elevated privileges to exploit.

GitLab users who cannot immediately upgrade to a fixed version are advised to apply the following mitigations in the meantime:

  1. Ensure all users on the GitLab self-managed instance have 2FA enabled. Note that MFA at the identity provider level does not mitigate the issue, because the bypass happens in GitLab's own validation of the SAML response rather than at the IdP.
  2. Disable the SAML two-factor bypass option.
  3. Require admin approval for auto-created users by setting `gitlab_rails['omniauth_block_auto_created_users'] = true`.

While these steps significantly reduce the risk of exploitation, they should only be treated as temporary mitigation measures until upgrading to GitLab 17.9.2, 17.8.5, or 17.7.7 is practically possible.
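The second and third mitigations above are settings in `/etc/gitlab/gitlab.rb`, which is plain Ruby evaluated by the Omnibus configuration DSL. The audit script below is an added example, not GitLab's own tooling: it evaluates a `gitlab.rb` against a stand-in object that captures the `gitlab_rails[...]` assignments and reports when `omniauth_block_auto_created_users` is not `true` or when a SAML provider is granted a two-factor bypass. The `omniauth_block_auto_created_users` key is the one quoted in the mitigation list; the two bypass settings it checks (`allow_bypass_two_factor: true` on a provider entry and the older `gitlab_rails['omniauth_allow_bypass_two_factor']` list) are taken from GitLab's OmniAuth configuration and should be confirmed against the documentation for the version in use. The weak and hardened configuration fragments are constructed samples.

```ruby
# Stand-in for the Omnibus DSL: every settings group ("gitlab_rails", "nginx",
# "external_url ...") resolves to a hash, so `gitlab_rails['key'] = value`
# lands in a hash we can inspect afterwards. Unknown groups are simply recorded.
class GitlabRb
  def initialize
    @groups = Hash.new { |h, k| h[k] = {} }
  end

  def method_missing(name, *_args)
    @groups[name.to_s]
  end

  def respond_to_missing?(*_args)
    true
  end

  def self.parse(text)
    cfg = new
    cfg.instance_eval(text, "gitlab.rb", 1)
    cfg
  end

  def rails
    @groups["gitlab_rails"]
  end
end

# A provider entry counts as SAML if it is named saml* or uses the SAML strategy.
def saml_provider?(provider)
  provider["name"].to_s.start_with?("saml") ||
    provider["strategy_class"].to_s.include?("SAML")
end

# Returns a list of findings (empty when both mitigations are in place).
def audit_gitlab_rb(text)
  rails = GitlabRb.parse(text).rails
  findings = []

  unless rails["omniauth_block_auto_created_users"] == true
    findings << "omniauth_block_auto_created_users is not true: SSO-created accounts " \
                "become active without admin approval"
  end

  providers = Array(rails["omniauth_providers"])
              .select { |p| p.is_a?(Hash) }
              .map { |p| p.transform_keys(&:to_s) }
  providers.each do |p|
    next unless saml_provider?(p) && p["allow_bypass_two_factor"] == true
    findings << "provider #{p['name']} sets allow_bypass_two_factor: true"
  end

  legacy = rails["omniauth_allow_bypass_two_factor"]
  if legacy == true || Array(legacy).map(&:to_s).any? { |n| n.start_with?("saml") }
    findings << "omniauth_allow_bypass_two_factor grants SAML users a 2FA bypass"
  end

  findings
end

# Constructed sample: the settings an exposed instance is likely to have.
WEAK_GITLAB_RB = <<~'RB'
  external_url 'https://gitlab.example.com'
  gitlab_rails['omniauth_enabled'] = true
  gitlab_rails['omniauth_block_auto_created_users'] = false
  gitlab_rails['omniauth_providers'] = [
    {
      name: "saml",
      label: "Corporate IdP",
      args: { idp_sso_target_url: "https://idp.example.com/sso" },
      allow_bypass_two_factor: true
    }
  ]
RB

# Constructed sample: the same instance with mitigations 2 and 3 applied.
HARDENED_GITLAB_RB = <<~'RB'
  external_url 'https://gitlab.example.com'
  gitlab_rails['omniauth_enabled'] = true
  gitlab_rails['omniauth_block_auto_created_users'] = true
  gitlab_rails['omniauth_providers'] = [
    {
      name: "saml",
      label: "Corporate IdP",
      args: { idp_sso_target_url: "https://idp.example.com/sso" },
      allow_bypass_two_factor: false
    }
  ]
RB

# Usage: ruby audit_gitlab_rb.rb /etc/gitlab/gitlab.rb
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  audit_gitlab_rb(File.read(ARGV[0])).each { |f| puts "FINDING: #{f}" }
end
```

Changes to `gitlab.rb` only take effect after `sudo gitlab-ctl reconfigure`, so re-run the audit on the file and then confirm in the admin UI that SSO-created users now land in the approval queue. The first mitigation (2FA on every account) is a per-user state rather than a `gitlab.rb` setting and is not covered by this script.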

To update GitLab, head to the official downloads hub; GitLab Runner installation instructions are published separately.
