SB2025031316 - Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-25291)

The vulnerability allows a remote attacker to bypass authentication on the system.

The vulnerability exists due to a parser differential. A remote user can execute a Signature Wrapping attack on the target system.

2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2025-25292)

The vulnerability allows a remote attacker to bypass authentication on the system.

The vulnerability exists due to a parser differential. A remote attacker can execute a Signature Wrapping attack on the target system.

3) Code Injection (CVE-ID: CVE-2025-27407)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when loading a malicious schema definition in "GraphQL::Schema.from_introspection". A remote attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

4) Input validation error (CVE-ID: CVE-2024-13054)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

5) Information disclosure (CVE-ID: CVE-2024-12380)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output when repository mirroring fails. A remote administrator can gain unauthorized access to sensitive information on the system.

6) Input validation error (CVE-ID: CVE-2025-1257)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to unbounded field in GitLab Approval Rules. A remote attacker can manipulate specific API inputs and perform a denial of service (DoS) attack.

7) Information disclosure (CVE-ID: CVE-2025-0652)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the internal notes in merge requests are emailed to non-members upon review submission. A remote user can access confidential information intended for internal use only.

8) Command Injection (CVE-ID: CVE-2024-8402)

The vulnerability allows a remote user to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation in the Google Cloud IAM integration feature. A remote administrator can pass specially crafted data to the application and execute arbitrary commands on the target system.

9) Improper access control (CVE-ID: CVE-2024-7296)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote administrator can approve pending membership requests beyond the maximum number of allowed users.

Remediation

Install update from vendor's website.

References

• https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
• https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/</p><p><br></p>