GitLab Product Security Update Advisory

Mar 18 2025

Overview

We have released security updates to fix vulnerabilities in GitLab products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-25291, CVE-2025-25292, CVE-2025-27407

GitLab CE/EE Version: ~17.7.7 (excluded)
GitLab CE/EE version: ~17.8.5 (excluded)
GitLab CE/EE version: ~17.9.2 (excluded)

Resolved Vulnerabilities

Authentication bypass vulnerability in SAML authentication (CVE-2025-25291)
Authentication bypass vulnerability in SAML authentication (CVE-2025-25292)
Remote code execution vulnerability in the Direct Transfer feature (CVE-2025-27407)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-25291, CVE-2025-25292, CVE-2025-27407

GitLab CE/EE version: 17.7.7
GitLab CE/EE version: 17.8.5
GitLab CE/EE version: 17.9.2

References

[1] GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7
https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/

GitLab Product Security Update Advisory

Microsoft Edge browser (134.0.3124.62) version security update advisory

ManageEngine (Analytics Plus) Product March 2025 Security Update Advisory

Tags:

Microsoft Edge browser (134.0.3124.62) version security update advisory

ManageEngine (Analytics Plus) Product March 2025 Security Update Advisory