Warning: critical and high severity vulnerabilities in GitLab's Community and Enterprise Editions can lead to remote code execution and authentication bypass

Published: 18/03/2025
  • Version: 1.0
  • Affected software: GitLab Community Edition (CE) and Enterprise Edition (EE)
  • Severity of the Risk: Remote code execution and authentication bypass vulnerabilities
  • Information trustworthiness: High
  • Warning target audience: administrators of self-managed GitLab CE and EE instances
  • CVE/CVSS
    → CVE-2025-27407: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
    → CVE-2025-25291: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
    → CVE-2025-25292: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Sources

https://nvd.nist.gov/vuln/detail/CVE-2025-27407
https://nvd.nist.gov/vuln/detail/CVE-2025-25291
https://nvd.nist.gov/vuln/detail/CVE-2025-25292

Risks

A 9.0 critical vulnerability (CVE-2025-27407) affects GitLab's Community (CE) and Enterprise (EE)
editions. If left unpatched, affected instances are vulnerable to remote code execution (RCE) attacks,
potentially impacting the confidentiality, integrity, and availability of data and systems.

The same GitLab software contains two 8.8 high-severity vulnerabilities (CVE-2025-25291 and CVE-2025-25292) that make unpatched instances vulnerable to authentication bypass attacks, which could impact the confidentiality and integrity of data and systems.

At the time of writing, there is no information that the vulnerabilities above are being actively exploited.

CVE-2025-27407, CVE-2025-25291, and CVE-2025-25292 are fixed via updates to versions 17.9.2, 17.8.5, and 17.7.7 of the affected GitLab software. GitLab also included fixes for other low- and medium-severity vulnerabilities: CVE-2024-7296, CVE-2024-8402, CVE-2025-0652, CVE-2024-12380, CVE-2024-13054, and CVE-2025-1257.
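As an added example, not taken from the CCB advisory or from GitLab, the Ruby script below decides whether a reported GitLab version string carries these fixes, using the fixed versions listed above. Versions are compared within their own minor branch (17.7, 17.8, 17.9); later branches are treated as fixed and earlier ones as unpatched. The inventory and hostnames are constructed sample data; in practice the version string comes from each instance's authenticated GET /api/v4/version endpoint.

```ruby
# Fixed versions per GitLab minor branch, as listed in the advisory.
FIXED_VERSIONS = {
  [17, 9] => [17, 9, 2],
  [17, 8] => [17, 8, 5],
  [17, 7] => [17, 7, 7],
}.freeze
OLDEST_FIXED_BRANCH = [17, 7].freeze

# "17.9.1-ee" -> [17, 9, 1]. The edition suffix is ignored; anything that
# does not look like a version raises, so a garbled answer from an instance
# is never silently treated as "patched".
def parse_gitlab_version(str)
  m = /\A(\d+)\.(\d+)\.(\d+)/.match(str.to_s.strip)
  raise ArgumentError, "unrecognised GitLab version: #{str.inspect}" unless m
  m.captures.map(&:to_i)
end

# true when the version carries the fixes for CVE-2025-27407,
# CVE-2025-25291 and CVE-2025-25292.
def patched?(version_str)
  version = parse_gitlab_version(version_str)
  branch  = version[0, 2]
  if (fix = FIXED_VERSIONS[branch])
    # Same minor branch as a fixed release: compare the patch level.
    (version <=> fix) >= 0
  else
    # Branches newer than 17.9 (17.10, 18.x, ...) were released after the
    # fix; branches older than 17.7 never received it and must be upgraded.
    (branch <=> OLDEST_FIXED_BRANCH) > 0
  end
end

# Constructed sample inventory (hostname => version string), as it might be
# collected from GET /api/v4/version on each instance.
SAMPLE_INVENTORY = {
  "git.example.test"    => "17.9.1-ee",
  "ci.example.test"     => "17.8.5",
  "legacy.example.test" => "17.6.3",
  "new.example.test"    => "17.10.0-ee",
}.freeze

# Hosts that still need the update, sorted for stable reporting.
def unpatched_hosts(inventory = SAMPLE_INVENTORY)
  inventory.reject { |_host, version| patched?(version) }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  unpatched_hosts.each { |h| puts "#{h}: #{SAMPLE_INVENTORY[h]} needs updating" }
end
```

The branch table is the only part tied to this advisory; the same shape works for any GitLab patch release that ships fixes on several supported branches at once.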

Description

CVE-2025-27407 is an "Improper Control of Generation of Code" (also known as "Code Injection") vulnerability in graphql-ruby, the Ruby implementation of GraphQL used by GitLab. Under certain circumstances, an attacker-controlled authenticated user account attempting to transfer a maliciously crafted project via the Direct Transfer feature could execute code remotely on the GitLab instance. Defenders who cannot patch immediately can remove the exploitation path by disabling Direct Transfer until the update has been applied.

CVE-2025-25291 and CVE-2025-25292 are "Improper Verification of Cryptographic Signature" and "Interpretation Conflict" type vulnerabilities in ruby-saml, the library that provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby applications, including GitLab. Because the ReXML and Nokogiri parsers can produce different document structures from the same XML input, the element whose signature is verified can differ from the element whose assertions are consumed. An attacker who holds a single valid SAML document signed by the identity provider (for example, one issued for their own account) can exploit this parser differential in a Signature Wrapping attack and authenticate as a different user, bypassing authentication. Only instances that use SAML SSO are exposed to these two vulnerabilities.
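The paragraph above names the attack class in one sentence; the Ruby script below is an added illustration of it and is not code from the CCB advisory, GitLab or ruby-saml, nor a reproduction of the actual ruby-saml bug. It shows the structural mistake a Signature Wrapping attack exploits: a consumer that verifies the signature over one Assertion element but reads the subject identity from another. XML-DSig and canonicalization are replaced by a simplified signature over the serialized element, the key is generated at runtime, and only REXML is used; in ruby-saml the two conflicting views of the document came from two different parsers, whereas here they come from two different XPath queries.

```ruby
require "rexml/document"
require "openssl"

# Demo identity-provider key, generated at runtime. Constructed for this
# example only; it is not real IdP material.
IDP_KEY = OpenSSL::PKey::RSA.new(2048)

def digest
  OpenSSL::Digest.new("SHA256")
end

# Stand-in for XML-DSig: the signature covers the serialized bytes of one
# Assertion element. Real SAML canonicalizes (C14N) and hashes a Reference;
# the structural question ("which element do these bytes belong to?") is the same.
def assertion_bytes(assertion_element)
  assertion_element.to_s
end

# Build a legitimately signed SAML-like Response for name_id.
def build_signed_response(name_id, assertion_id)
  assertion = REXML::Document.new(
    %(<Assertion ID="#{assertion_id}"><Subject><NameID>#{name_id}</NameID></Subject></Assertion>)
  ).root
  sig = [IDP_KEY.sign(digest, assertion_bytes(assertion))].pack("m0")
  <<~XML
    <Response>
      <Signature>
        <Reference URI="##{assertion_id}"/>
        <SignatureValue>#{sig}</SignatureValue>
      </Signature>
      #{assertion}
    </Response>
  XML
end

# Returns the Assertion element the Signature really covers, or nil if the
# reference cannot be resolved or the signature does not verify.
def verified_assertion(doc)
  ref = doc.elements["//Signature/Reference"]
  sig = doc.elements["//Signature/SignatureValue"]
  return nil unless ref && sig
  id = ref.attributes["URI"].to_s.delete_prefix("#")
  target = doc.elements["//Assertion[@ID='#{id}']"]
  return nil unless target
  ok = IDP_KEY.public_key.verify(digest, sig.text.strip.unpack1("m0"), assertion_bytes(target))
  ok ? target : nil
end

# VULNERABLE pattern: verify the referenced element, then read the identity
# from whichever Assertion the parser returns first ("verify here, use there").
def name_id_vulnerable(xml)
  doc = REXML::Document.new(xml)
  return nil unless verified_assertion(doc)
  doc.elements["//Assertion/Subject/NameID"]&.text
end

# HARDENED pattern: the identity is taken only from the element whose bytes
# were actually verified.
def name_id_hardened(xml)
  doc = REXML::Document.new(xml)
  signed = verified_assertion(doc)
  return nil unless signed
  signed.elements["Subject/NameID"]&.text
end

# Signature wrapping: leave the legitimately signed Assertion untouched (so the
# signature still verifies) and prepend a forged one that a naive consumer
# reaches first in document order.
def wrap_with_forged_assertion(signed_response, victim_name_id)
  forged = %(<Assertion ID="forged"><Subject><NameID>#{victim_name_id}</NameID></Subject></Assertion>)
  signed_response.sub("<Response>", "<Response>#{forged}")
end

if __FILE__ == $PROGRAM_NAME
  legit   = build_signed_response("alice", "a1")
  wrapped = wrap_with_forged_assertion(legit, "admin")
  puts "vulnerable consumer on wrapped response: #{name_id_vulnerable(wrapped).inspect}"
  puts "hardened consumer on wrapped response:   #{name_id_hardened(wrapped).inspect}"
end
```

Against the wrapped response the vulnerable consumer logs the attacker in as "admin" while the hardened one still yields "alice", the identity the IdP actually signed; modifying the signed assertion in place makes both reject the document. The lesson carries over to the real bug: any pipeline in which verification and consumption operate on different representations of the document, whether two XPath queries or two XML parsers, is open to the same substitution.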

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable GitLab instances with the highest priority, after thorough testing.

Monitor/Detect

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
https://www.bleepingcomputer.com/news/security/gitlab-patches-critical-authentication-bypass-vulnerabilities