GitLab Patches Critical Authentication Bypass Flaws in CE and EE
TL;DR
GitLab has released security updates to address critical authentication bypass vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). The updates fix nine issues, including two critical flaws in the ruby-saml library used for SAML SSO authentication. Users are strongly advised to update to the latest versions to mitigate the risks of data breaches and privilege escalation.
Critical Authentication Bypass Vulnerabilities Addressed by GitLab
GitLab has recently released security updates to address critical vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE). These updates are crucial for maintaining the security and integrity of GitLab instances, particularly those using SAML SSO authentication.
Key Vulnerabilities and Updates
GitLab has addressed a total of nine vulnerabilities, two of which are classified as critical. These critical flaws, tracked as CVE-2025-25291 and CVE-2025-25292, are in the ruby-saml library. The patched releases are GitLab CE/EE 17.7.7, 17.8.5, and 17.9.2. GitLab.com has already been updated with these fixes.
According to GitLab’s advisory:
“GitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level. On GitLab CE/EE instances using SAML authentication, under certain circumstances, an attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment’s SAML IdP.”
Potential Risks and Impact
The critical flaws allow attackers with a valid signed SAML document to impersonate other users within the same SAML IdP. This poses significant risks, including data breaches and privilege escalation. A technical analysis of the vulnerabilities highlights that attackers could construct SAML assertions to log in as any user, potentially leading to account takeover.
Mitigation Steps
GitLab recommends that all affected installations be upgraded to the latest version as soon as possible. While GitLab Dedicated customers receive automatic updates, self-managed users must apply the updates manually.
For those unable to update immediately, GitLab advises enabling two-factor authentication, disabling SAML two-factor bypass, and requiring admin approval for new users.
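A quick way to tell whether a self-managed instance is still on an unpatched release is to compare its version against the patched releases named above. This is an added example, not GitLab's own tooling; it assumes that any minor series newer than 17.9 also carries the fix, which the advisory does not state explicitly.

```python
"""Check a GitLab version against the releases that fix
CVE-2025-25291 / CVE-2025-25292 (ruby-saml): 17.7.7, 17.8.5 and 17.9.2."""
import re
from typing import Tuple

# Earliest patched release in each minor series, taken from the advisory.
PATCHED = {(17, 7): (17, 7, 7), (17, 8): (17, 8, 5), (17, 9): (17, 9, 2)}
NEWEST_PATCHED_SERIES = max(PATCHED)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Accept '17.8.5', '17.8.5-ee' or 'GitLab 17.9.2-ce' and return (major, minor, patch)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: str) -> str:
    """Classify a version as 'patched', 'vulnerable' or 'no_fix_in_series'.

    'no_fix_in_series' means the minor series is older than 17.7, where the
    advisory names no point release; such instances need an upgrade to a
    patched series rather than a point update.
    """
    major, minor, patch = parse_version(version)
    series = (major, minor)
    if series > NEWEST_PATCHED_SERIES:
        # Assumption: later series (17.10 and up) ship with the fix included.
        return "patched"
    if series in PATCHED:
        return "patched" if (major, minor, patch) >= PATCHED[series] else "vulnerable"
    return "no_fix_in_series"


if __name__ == "__main__":
    # Constructed sample of version strings as reported by different instances.
    for v in ["17.7.6-ee", "17.7.7-ce", "17.8.5", "17.9.1-ee", "17.10.0", "17.6.2"]:
        print(f"{v:12} -> {assess(v)}")
```

Feed it the version string shown on an instance's /help page or returned by the version API to get a per-instance verdict.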
Additional Vulnerabilities Addressed
Besides the critical flaws, GitLab has also addressed several other vulnerabilities of varying severity:
- CVE-2025-27407: High severity issue in the graphql gem.
- Denial of Service Due to Inefficient Processing of Untrusted Input: Medium severity.
- Credentials disclosed when repository mirroring fails: Medium severity.
- Denial of Service Vulnerability in GitLab Approval Rules due to Unbounded Field: Medium severity.
- Internal Notes in Merge Requests Are Emailed to Non-Members Upon Review Submission: Medium severity.
- Maintainer can inject shell code in Google integrations: Low severity.
- Guest with custom Admin group member permissions can approve the users invitation despite user caps: Low severity.
Community Contributions
Interestingly, GitHub, which does not use ruby-saml for authentication, discovered these vulnerabilities in GitLab. GitHub’s security team alerted GitLab, allowing it to take the necessary actions to protect users against potential attacks.
Conclusion
The recent security updates by GitLab are a significant step in maintaining the platform’s security. Users are strongly advised to update their instances to the latest versions to mitigate the risks associated with these vulnerabilities. For further insights, check out the full advisory from GitLab.