GitLab Addresses Critical Auth Bypass Flaws in CE and EE

GitLab has issued security updates to address critical vulnerabilities in both Community Edition (CE) and Enterprise Edition (EE). The company has taken proactive measures to remediate nine identified security issues, including two critical ruby-saml authentication bypass issues. These flaws are tracked as CVE-2025-25291 and CVE-2025-25292.

GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2 have been released to address the issue. GitLab.com has already been patched with these updates, ensuring the security of all users. The company acknowledges that certain vulnerabilities could be exploited by attackers to gain unauthorized access to user accounts or escalate privileges.

According to a technical analysis of the two critical flaws, an attacker who possesses a valid signed SAML document can impersonate another valid user within the environment's SAML IdP. This vulnerability could lead to data breaches and privilege escalation if left unaddressed.

How Did This Happen?

The ruby-saml library used by GitLab when SAML SSO authentication is enabled at the instance or group level was found to be vulnerable to these critical authentication bypass issues. This vulnerability allows attackers who possess a single valid signature created with the key used to validate SAML responses or assertions of the targeted organization to construct their own SAML assertions and log in as any user.

In other words, this could potentially be used for an account takeover attack, compromising sensitive data and escalating privileges within the system. The vulnerabilities were discovered by GitHub, which does not use ruby-saml for authentication but has alerted its security team to take necessary actions to protect its users against potential attacks.

What Should You Do?

GitLab recommends that all installations running a version affected by these issues be upgraded to the latest version as soon as possible. For customers unable to update their versions, GitLab suggests enabling two-factor authentication, disabling SAML two-factor bypass, and requiring admin approval for new users.
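The upgrade-or-mitigate decision above can be turned into a repeatable check for a self-managed installation. The script below is an added example written for this article; it is not GitLab's own tooling. It compares a running version against the fixed releases named above (17.7.7, 17.8.5, 17.9.2), then inspects a `gitlab.rb`-style configuration and an application-settings JSON document for the two interim mitigations. The configuration key names `allow_bypass_two_factor` and `require_admin_approval_after_user_signup`, the treatment of release series outside 17.7 to 17.9, and all sample inputs are assumptions made for the example.

```python
"""Added defender-side check for the GitLab ruby-saml advisory (example code,
not GitLab's own). Decides whether a version string predates the fixed release
for its series and whether the interim mitigations are in place."""
import json
import re

# Fixed releases named in the advisory; anything lower in the same release
# series still ships the vulnerable ruby-saml.
FIXED_RELEASES = {
    (17, 7): (17, 7, 7),
    (17, 8): (17, 8, 5),
    (17, 9): (17, 9, 2),
}


def parse_version(version):
    """Parse 'MAJOR.MINOR.PATCH'; a trailing suffix such as '-ee' is ignored."""
    match = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {version!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version):
    """True if this GitLab version includes the ruby-saml fix.

    Assumption (not stated in the article): series older than 17.7 received
    no backport and are treated as affected; series newer than 17.9 were cut
    after the fix landed and are treated as patched."""
    v = parse_version(version)
    series = v[:2]
    if series in FIXED_RELEASES:
        return v >= FIXED_RELEASES[series]
    return v > max(FIXED_RELEASES.values())


def saml_bypass_disabled(gitlab_rb):
    """Scan gitlab.rb-style text for the SAML two-factor bypass setting.

    Assumption: the setting is spelled `allow_bypass_two_factor`, either as a
    boolean inside the SAML provider block or as a list of provider names on
    the gitlab_rails hash. Any occurrence set to true, or a list naming saml,
    counts as the bypass being enabled."""
    pattern = r"allow_bypass_two_factor['\"]?\]?\s*(?:=>|:|=)\s*([^\n,}]+)"
    for m in re.finditer(pattern, gitlab_rb):
        value = m.group(1).strip().lower()
        if value == "true" or "saml" in value:
            return False
    return True


def admin_approval_required(settings_json):
    """Read an application-settings JSON document (assumed to carry the
    `require_admin_approval_after_user_signup` flag) and report its value."""
    settings = json.loads(settings_json)
    return bool(settings.get("require_admin_approval_after_user_signup", False))


def assess(version, gitlab_rb, settings_json):
    """Return the list of outstanding actions for an installation. Interim
    mitigations are only reported when the upgrade has not yet been applied,
    matching the advice that they are for installations unable to update."""
    findings = []
    if not is_patched(version):
        findings.append(f"upgrade: {version} predates the fixed release for its series")
        if not saml_bypass_disabled(gitlab_rb):
            findings.append("interim: SAML two-factor bypass is enabled; disable it")
        if not admin_approval_required(settings_json):
            findings.append("interim: admin approval for new sign-ups is off; enable it")
    return findings


# Constructed sample inputs; they do not describe any real deployment.
SAMPLE_GITLAB_RB = """\
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_providers'] = [
  {
    name: "saml",
    args: {
      assertion_consumer_service_url: "https://gitlab.example.test/users/auth/saml/callback",
      allow_bypass_two_factor: true,
    },
  },
]
"""
SAMPLE_SETTINGS = '{"require_admin_approval_after_user_signup": false}'

if __name__ == "__main__":
    for line in assess("17.9.1", SAMPLE_GITLAB_RB, SAMPLE_SETTINGS):
        print(line)
```

Run against the constructed sample, the script reports the missing upgrade and both interim mitigations; once the version is at or above the fixed release for its series the interim checks are skipped, since the mitigations are a stop-gap rather than a substitute for the patch.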

Avoiding Vulnerability Exposure

For self-managed users, manual updates must be applied to address the vulnerability. The full list of flaws addressed by GitLab can be found in its official advisory. It is essential for all installations running affected versions to take proactive measures to secure their systems against these critical vulnerabilities.

Stay Up-to-Date

Customers relying on GitLab Dedicated will receive automatic updates, ensuring the security of their environments. Regularly monitoring system updates and applying patches promptly can prevent exploitation of such vulnerabilities.