{"uuid": "968d7bab-ac9f-4a99-a4cc-ed39da78c795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/5097", "content": "Our regular column\n\nUpdating the GitLabs \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\nGitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level. These issues have been remediated on GitLab.com, and in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2.\n\nOn GitLab CE/EE instances using SAML authentication, under certain circumstances, an attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment's SAML IdP.\n\nSelf Managed GitLab: Known Mitigations\n\nAffected customers who cannot immediately update GitLab CE/EE to address these issues may choose to perform the following mitigation steps:\n\nNote: This vulnerability requires the attacker to have compromised a valid user account to perform the authentication bypass.\n\n- Enable GitLab two-factor authentication for all user accounts on the GitLab self-managed instance (NOTE: Enabling identity provider multi-factor authentication does not mitigate this vulnerability) and\n\n- Do not allow the SAML two-factor bypass option in GitLab and\n\n- Require admin approval for automatically created new users (gitlab_rails['omniauth_block_auto_created_users'] = true)\n\nhttps://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/", "creation_timestamp": "2025-03-13T06:45:02.000000Z"}