- Critical flaws allow threat actors to bypass authentication and could lead to data exfiltration
- The patch is available now, and GitLab is urging users to apply it
GitLab has fixed nine vulnerabilities affecting its Community Edition (CE) and Enterprise Edition (EE), and urged users to apply the fix immediately.
In a published security notice, GitLab said that among the nine flaws are two of critical severity, which allow threat actors to bypass authentication.
Users are advised to upgrade their GitLab CE/EE installations to versions 17.7.7, 17.8.5, or 17.9.2 as soon as possible. GitLab.com is already patched, and GitLab Dedicated customers will be updated automatically, so no action is required on their side. Users running self-managed installations, however, will have to patch themselves.
Mitigate and patch
“We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible,” GitLab said.
The two critical-severity flaws are tracked as CVE-2025-25291 and CVE-2025-25292. Both were discovered in the ruby-saml library, which GitLab uses for SAML Single Sign-On (SSO) authentication at the instance or group level. An authenticated attacker with access to a valid SAML document could impersonate another user within the same SAML Identity Provider (IdP) environment and thereby gain access to that user's account.
This, in turn, could lead to data exfiltration, privilege escalation, and more.
Users who cannot apply the fix immediately should mitigate the risk by ensuring that all users on self-managed GitLab instances have 2FA configured (2FA at the identity provider does not help). They should also disable the SAML two-factor bypass option and require admin approval for automatically created users.
GitLab stressed that these should only be considered temporary mitigations, and that the only way to permanently fix the problem is to apply the patch.
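As a worked example of the two checks an administrator would want after reading the advisory, the following Ruby script (added here; it is not GitLab's own code) first decides whether a self-managed version string already contains the fix, using the three fixed releases named above, and, if not, audits whether the interim mitigations are set. The configuration is passed in as a plain hash standing in for the Omnibus `gitlab_rails[...]` settings; the key names `omniauth_block_auto_created_users` and `omniauth_allow_bypass_two_factor` are assumed to correspond to the "admin approval for auto-created users" and "SAML two-factor bypass" options, and the sample values are constructed. The per-user 2FA requirement is an admin-area setting rather than a `gitlab.rb` key, so it is not checked here.

```ruby
# Added example (not GitLab's code): is a self-managed GitLab version patched
# against CVE-2025-25291 / CVE-2025-25292, and if not, are the advisory's
# interim mitigations in place?

# Fixed releases per stable branch, as listed in the advisory.
FIXED_RELEASES = {
  [17, 7] => [17, 7, 7],
  [17, 8] => [17, 8, 5],
  [17, 9] => [17, 9, 2],
}.freeze

# Parse "17.8.3" (an optional suffix such as "-ee" is ignored) into integers.
def parse_version(str)
  core = str.sub(/-.*\z/, "")
  parts = core.split(".").map { |p| Integer(p, 10) }
  raise ArgumentError, "expected MAJOR.MINOR.PATCH, got #{str.inspect}" unless parts.size == 3
  parts
end

# true when the version already ships the ruby-saml fix.
def patched?(version_str)
  major, minor, patch = parse_version(version_str)
  fixed = FIXED_RELEASES[[major, minor]]
  if fixed
    # Same stable branch as a fixed release: only the patch level matters.
    patch >= fixed[2]
  else
    # Any branch newer than the newest fixed one carries the fix;
    # any older branch does not and must be upgraded.
    ([major, minor] <=> FIXED_RELEASES.keys.max) > 0
  end
end

# Audit the interim mitigations. `gitlab_rails` is a plain hash standing in
# for the Omnibus `gitlab_rails[...]` settings (assumed key names).
def mitigation_gaps(gitlab_rails)
  gaps = []
  # Automatically created SAML users should wait for admin approval.
  unless gitlab_rails["omniauth_block_auto_created_users"] == true
    gaps << "omniauth_block_auto_created_users is not true"
  end
  # The SAML provider must not be allowed to bypass a user's 2FA.
  bypass = gitlab_rails["omniauth_allow_bypass_two_factor"]
  if bypass == true || (bypass.is_a?(Array) && bypass.map(&:to_s).include?("saml"))
    gaps << "omniauth_allow_bypass_two_factor lets SAML skip 2FA"
  end
  gaps
end

# Overall verdict: :patched, :mitigated_only (interim controls set, still
# needs the upgrade), or :exposed (neither patched nor mitigated).
def assess(version_str, gitlab_rails)
  return { status: :patched, gaps: [] } if patched?(version_str)
  gaps = mitigation_gaps(gitlab_rails)
  { status: gaps.empty? ? :mitigated_only : :exposed, gaps: gaps }
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: an unpatched 17.8 instance that still lets SAML bypass 2FA.
  sample = {
    "omniauth_block_auto_created_users" => false,
    "omniauth_allow_bypass_two_factor" => ["saml"],
  }
  puts assess("17.8.3-ee", sample).inspect
end
```

Note that a `:mitigated_only` result is exactly the situation the advisory describes as temporary: the controls reduce exposure but the instance still has to be upgraded to one of the fixed releases.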
GitHub says its platform is not affected by this discovery, because it stopped using the ruby-saml library over ten years ago, BleepingComputer reports.
“GitHub does not currently use ruby-saml for authentication, but began evaluating the use of the library with the intention of using an open source library for SAML authentication once again,” GitHub said.
Via BleepingComputer