heise online

Critical SAML login vulnerability with maximum score jeopardizes Gitlab server

Admins of self-hosted Gitlab instances should update their servers quickly. Due to a"critical" security vulnerability, access may be possible without logging in. In a warning message, the developers ...
Dark Reading

GitLab Warns of Max Severity Authentication Bypass Bug

Organizations with self-hosted GitLab instances configured for SAML-based authentication might want to update immediately to new versions of the DevOps platform that the company released this week.
Dark Reading

SAML Flaw Lets Hackers Assume Users' Identities

A newly discovered vulnerability lets attackers take advantage of single sign-on (SSO) systems relying on Security Assertion Markup Language (SAML) and authenticate as another user without knowing his ...
heise online

Security vulnerabilities: Gitlab developers advise rapid update

According to a warning message, two vulnerabilities (CVE-2025-25291, CVE-2025-25292) are considered “critical”. However, systems are only vulnerable if authentication via SAML SSO is active and ...