GitLab posted updates to its platform following the disclosure of a pair of critical security vulnerabilities.
The company said that both the Enterprise and Community Edition platforms should be updated as soon as possible to protect against any potential exploit attempts.
“We are committed to ensuring all aspects of GitLab that are exposed to customers or that host customer data are held to the highest security standards,” GitLab wrote in its announcement.
“As part of maintaining good security hygiene, it is highly recommended that all customers upgrade to the latest patch release for their supported version.”
The patched releases are 17.9.2, 17.8.5 and 17.7.7, one for each supported release line; the same version numbers apply to both Community and Enterprise Edition.
While the update addresses a number of security bugs, two vulnerabilities in particular stand out. CVE-2025-25291 and CVE-2025-25292 are critical-rated vulnerabilities in ruby-saml, the library GitLab uses for SAML-based single sign-on.
Both allow the library's signature verification to be bypassed with specially crafted XML input, so an attacker can authenticate through SSO as a user whose credentials they do not hold.
There are some mitigating factors for both flaws. GitLab said that to exploit the authentication bypass, the attacker must already hold valid credentials for an account on the target instance.
The likely attack path is to use the bypass to take over an administrator account and then create further accounts under the attacker's control. For instances that cannot be updated immediately, GitLab recommended tightly restricting new account creation and enabling two-factor authentication.
Both flaws were reported privately, and there have been no reports of exploitation in the wild. Credit for the discovery was given to researchers ahacker1 and Peter Stöckli.
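Because the fix lives on three separate release lines, "is my version number bigger than 17.7.7?" is the wrong check: 17.9.1 is numerically above every 17.7.x and 17.8.x release yet is still unpatched. The following is an added example (not GitLab's own code) that classifies a version string against the three fixed releases per minor line. It assumes only that an edition suffix, if present, is `-ee` or `-ce`; the hostnames and versions in the sample inventory are constructed.

```ruby
# Added example, not GitLab's own code: classify a self-managed GitLab
# version string against the fixed releases named in this advisory
# (17.9.2, 17.8.5, 17.7.7). Gem::Version ships with Ruby's stdlib.
require "rubygems"

# Patched release on each supported minor line, per the advisory.
FIXED_VERSIONS = {
  "17.9" => Gem::Version.new("17.9.2"),
  "17.8" => Gem::Version.new("17.8.5"),
  "17.7" => Gem::Version.new("17.7.7"),
}.freeze

NEWEST_FIX = FIXED_VERSIONS.values.max

# Returns :patched, :vulnerable or :unsupported_line.
#
# The comparison is done per minor line, because 17.8.5 carries the fix
# while 17.9.1 does not, even though 17.9.1 is the "higher" number.
def patch_status(version_string)
  # Assumption: the edition suffix is "-ee" or "-ce" (e.g. "17.8.4-ee").
  # Drop it so Gem::Version does not treat it as a pre-release tag, which
  # would sort "17.8.5-ee" below "17.8.5".
  v = Gem::Version.new(version_string.strip.sub(/-(ee|ce)\z/, ""))

  # Anything at or beyond the newest patch release, including later minor
  # lines (17.10+, 18.x), was cut after the fix landed.
  return :patched if v >= NEWEST_FIX

  major, minor = v.segments[0, 2]
  fixed = FIXED_VERSIONS["#{major}.#{minor}"]
  # Lines older than 17.7 received no patch release; they need a line upgrade.
  return :unsupported_line if fixed.nil?

  v >= fixed ? :patched : :vulnerable
end

# Summarise a fleet: maps each status to the list of [name, version] pairs.
def fleet_report(instances)
  instances.group_by { |_name, version| patch_status(version) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inventory; the hostnames are placeholders.
  sample = [
    ["git-prod.example",    "17.8.4-ee"],
    ["git-staging.example", "17.9.2-ee"],
    ["git-legacy.example",  "17.6.3-ce"],
    ["git-new.example",     "17.10.0-ee"],
  ]
  fleet_report(sample).each do |status, hosts|
    puts "#{status}: #{hosts.map(&:first).join(', ')}"
  end
end
```

The `:unsupported_line` result is deliberately distinct from `:vulnerable`: a 17.6.x instance is just as exposed, but no patch release exists for it, so the remediation is a line upgrade rather than a point update.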
In addition to the two critical vulnerabilities, the GitLab update contains a patch for a high-severity vulnerability tracked as CVE-2025-27407.
The flaw is in graphql-ruby, the GraphQL library GitLab uses. An attacker who can get the server to load a malicious GraphQL schema definition can cause it to load external code, which in practice means remote code execution.
As with the two critical flaws, the attack surface is reduced by the requirement that the attacker already be logged in with a valid user account. GitLab noted that administrators can mitigate the flaw by disabling the direct transfer feature until the updates have been applied.