GitLab recently released a security advisory addressing nine vulnerabilities that affect various installations. GitLab has rated two of the nine as critical. Tracked as CVE-2025-25291 and CVE-2025-25292, these vulnerabilities may result in account takeover.
GitLab is a web-based DevOps lifecycle solution built by GitLab Inc., providing unrivaled insight and productivity across the DevOps lifecycle in a single application.
Vulnerability Details
The vulnerabilities exist in the ruby-saml library. SAML (Security Assertion Markup Language) is an XML-based standard used to exchange authentication and authorization data between parties. GitLab uses the library when SAML SSO authentication is enabled at the instance or group level.
An attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment’s SAML IdP.
Affected versions
The vulnerabilities affect GitLab CE/EE versions 17.9.0, 17.9.1, 17.8.0, 17.8.1, 17.8.2, 17.8.3, 17.8.4, 17.7.0, 17.7.1, 17.7.2, 17.7.3, 17.7.4, 17.7.5, 17.7.6, and below.
Mitigation
Customers must upgrade to the GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2 to patch the vulnerabilities.
For more information, please visit the GitLab release announcement page.
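The affected and fixed version lists above are easy to misread during triage (17.7.x is fixed at 17.7.7 but 17.8.x is not fixed until 17.8.5, and everything below 17.7 is affected). The following Ruby script is an added example, not code from GitLab or Qualys, that encodes only the version boundaries this advisory states and applies them to a constructed inventory; the hostnames and the assumption that releases newer than 17.9 (not listed in the advisory) are reported as not affected are the example's own.

```ruby
# Added example (not GitLab's or Qualys's own code): check whether a GitLab
# CE/EE version string falls in the range this advisory lists as affected by
# CVE-2025-25291 / CVE-2025-25292.
#
# Fixed releases named in the advisory. Every release on these minor branches
# below the fix, and every release below the oldest fixed branch (17.7), is
# treated as affected ("and below"). Branches newer than the newest fixed one
# are not listed in the advisory; this example reports them as not affected.
FIXED_VERSIONS = %w[17.7.7 17.8.5 17.9.2].freeze

# Parse "MAJOR.MINOR.PATCH" into [major, minor, patch] integers so that Ruby's
# Array#<=> compares versions element by element. A trailing "-ee"/"-ce"
# style suffix, as printed by GitLab, is ignored.
def parse_version(str)
  core = str.strip.sub(/-.*\z/, '')
  parts = core.split('.')
  unless parts.size == 3 && parts.all? { |p| p.match?(/\A\d+\z/) }
    raise ArgumentError, "unrecognised GitLab version: #{str.inspect}"
  end
  parts.map(&:to_i)
end

# True when +version+ is inside the advisory's affected range.
def affected?(version)
  v = parse_version(version)
  branch = v[0, 2]                                  # e.g. [17, 8]
  fixed = FIXED_VERSIONS.map { |f| parse_version(f) }
  oldest_branch = fixed.min[0, 2]                   # [17, 7]
  newest_branch = fixed.max[0, 2]                   # [17, 9]

  return true  if (branch <=> oldest_branch) < 0    # "and below": 17.6.x, 16.x, ...
  return false if (branch <=> newest_branch) > 0    # 17.10+: not listed in the advisory

  fix = fixed.find { |f| f[0, 2] == branch }
  (v <=> fix) < 0                                   # below the fix on its own branch
end

# Fixed release to upgrade to: the fix on the same branch, or the lowest fixed
# release (17.7.7) for anything older than 17.7. nil when not affected.
def fixed_version_for(version)
  return nil unless affected?(version)
  branch = parse_version(version)[0, 2]
  match = FIXED_VERSIONS.find { |f| parse_version(f)[0, 2] == branch }
  match || FIXED_VERSIONS.min_by { |f| parse_version(f) }
end

# Constructed inventory (hostnames and versions invented for this example).
INVENTORY = {
  'gitlab-prod.example.internal'   => '17.9.1-ee',
  'gitlab-dev.example.internal'    => '17.8.5-ee',
  'gitlab-legacy.example.internal' => '16.11.0-ce',
  'gitlab-new.example.internal'    => '17.10.0-ee'
}.freeze

# Map each affected host to the release it should be upgraded to.
def vulnerable_hosts(inventory)
  inventory.each_with_object({}) do |(host, version), out|
    fix = fixed_version_for(version)
    out[host] = fix if fix
  end
end

if __FILE__ == $PROGRAM_NAME
  vulnerable_hosts(INVENTORY).each do |host, fix|
    puts "#{host}: running #{INVENTORY[host]}, upgrade to #{fix}"
  end
end
```

Run it against a real inventory by replacing INVENTORY with the versions reported by each instance's `/help` page or API; parse_version rejects anything that is not a full three-part version so a truncated entry fails loudly instead of being silently classed as safe.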
Workaround
Users who cannot upgrade vulnerable GitLab instances may apply the following mitigation steps to address the flaw:
- Enable GitLab two-factor authentication for all user accounts on the GitLab self-managed instance.
- Do not allow the SAML two-factor bypass option in GitLab.
- Require admin approval for automatically created new users (gitlab_rails['omniauth_block_auto_created_users'] = true).
Qualys Detection
Qualys customers can scan their devices with QID 382943 to detect vulnerable assets.
Please follow Qualys Threat Protection for more coverage of the latest vulnerabilities.