What Happened?
CISA has added a high-severity vulnerability (CVE-2025-7034) affecting GitLab Runner to its Known Exploited Vulnerabilities (KEV) catalog. The flaw allows attackers who can run pipelines on a shared GitLab Runner instance to potentially execute commands on the underlying host system.
Business Impact
GitLab Runners are critical components of CI/CD pipelines and often have access to build environments, secrets, and deployment targets. Exploiting this vulnerability could allow an attacker to inject malicious code into software builds (a supply chain attack), steal sensitive credentials, or compromise the infrastructure hosting the runner.
Why It Happened
The vulnerability involves improper handling of build variables or artifacts in certain configurations, allowing crafted pipeline jobs to break out of their intended isolation and execute commands on the host machine running the GitLab Runner agent.
Recommended Executive Action
Direct DevOps and platform engineering teams to immediately identify and update all GitLab Runner instances to the patched versions specified by GitLab. Review Runner configurations to ensure proper isolation and limit the permissions granted to runner processes.
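The two actions above (find runners below the patched release, and review each runner's configuration for weak isolation or excess privilege) can be turned into a repeatable check. The script below is an added example written for this brief; it is not GitLab's code and not part of the original page. It assumes the installed version comes from `gitlab-runner --version` on each host, reads the runner's `config.toml` (the `executor`, `privileged` and `volumes` keys are real GitLab Runner settings), and takes the patched version as a parameter, because this page does not name it; the version strings and the sample `config.toml` in the block are constructed placeholders.

```python
import re

# Constructed sample config.toml in the layout GitLab Runner uses. The runner
# names, URL and settings are made up for this example.
SAMPLE_CONFIG = """\
concurrent = 4
check_interval = 0

[[runners]]
  name = "build-shared-01"
  url = "https://gitlab.example.com/"
  executor = "shell"

[[runners]]
  name = "build-docker-02"
  url = "https://gitlab.example.com/"
  executor = "docker"
  [runners.docker]
    image = "alpine:3.20"
    privileged = true
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]

[[runners]]
  name = "build-docker-03"
  url = "https://gitlab.example.com/"
  executor = "docker"
  [runners.docker]
    image = "alpine:3.20"
    privileged = false
    volumes = ["/cache"]
"""


def _scalar(value):
    """Decode the scalar subset used in config.toml; arrays are kept as raw text."""
    if value in ("true", "false"):
        return value == "true"
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    if re.fullmatch(r"-?\d+", value):
        return int(value)
    return value


def parse_config_toml(text):
    """Minimal parser for the subset of TOML GitLab Runner writes: top-level
    scalars, [[runners]] entries and one level of [runners.<section>] tables.
    Deeper tables (e.g. [runners.cache.s3]) and global tables are skipped."""
    runners, runner, target = [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "[[runners]]":
            runner = {}
            runners.append(runner)
            target = runner
            continue
        section = re.fullmatch(r"\[runners\.([A-Za-z_]+)\]", line)
        if section and runner is not None:
            target = runner.setdefault(section.group(1), {})
            continue
        if line.startswith("["):
            target = None  # unrecognised table: ignore its keys
            continue
        if target is None:
            continue
        key, _, value = line.partition("=")
        target[key.strip()] = _scalar(value.strip())
    return runners


def parse_version(text):
    """Accepts '17.11.2' or the 'Version: 17.11.2' line from gitlab-runner --version."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def assess_runner(runner, installed_version, patched_version):
    """Return the findings for one [[runners]] entry; an empty list means no action."""
    findings = []
    if parse_version(installed_version) < parse_version(patched_version):
        findings.append(f"version {installed_version} is below patched release {patched_version}")
    if runner.get("executor") == "shell":
        findings.append("executor = shell: jobs run directly on the host as the runner's "
                        "service user, with no isolation boundary")
    for section in ("docker", "kubernetes"):
        opts = runner.get(section, {})
        if opts.get("privileged") is True:
            findings.append(f"{section}.privileged = true: job containers can reach host "
                            "devices and kernel interfaces")
        if "docker.sock" in str(opts.get("volumes", "")):
            findings.append(f"{section}.volumes mounts the Docker socket: jobs can "
                            "control the host's Docker daemon")
    return findings


def audit(config_text, installed_version, patched_version):
    """Map runner name -> findings, keeping only runners that need attention."""
    report = {}
    for runner in parse_config_toml(config_text):
        findings = assess_runner(runner, installed_version, patched_version)
        if findings:
            report[runner.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    # Both version strings are placeholders: take the installed one from
    # `gitlab-runner --version` and the patched one from GitLab's advisory.
    for name, findings in audit(SAMPLE_CONFIG, "17.0.0", "17.0.1").items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run it once per runner host (or feed it each host's `config.toml` and version from your configuration management inventory) and treat any runner that appears in the report as work for the DevOps team: upgrade first, then move shell-executor and privileged runners onto isolated executors and drop the Docker socket mount unless a specific job genuinely needs it.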
Hashtags: #CISA #KEV #GitLab #DevOps #CI/CD #Vulnerability #SupplyChainSecurity #CyberSecurity #InfoSec
