Code Defence Cyber security

GitLab “Pipeline Poisoning” Alert: Critical Flaws Affect CI/CD Workflows

Summary: GitLab has released urgent updates to fix multiple critical vulnerabilities (including CVE-2025-3950) that allow for Authentication Bypass and Remote Code Execution via CI/CD pipelines. Attackers can exploit these to inject malicious code into software builds or steal secrets stored in the pipeline environment.

Business Impact: High “Supply Chain” risk. If your software team uses self-hosted GitLab, an attacker could silently insert a backdoor into your company’s product updates, affecting all your customers downstream (similar to the SolarWinds attack).

Why It Happened: Flaws in the SAML authentication logic (via `ruby-saml`) allowed attackers to impersonate legitimate users and trigger malicious pipeline jobs.

Recommended Executive Action: Enforce an immediate upgrade to GitLab versions 17.8.4, 17.7.6, or 17.6.5. Rotate all CI/CD tokens and secrets (AWS keys, API tokens) stored in GitLab, as they should be considered compromised if the instance was unpatched.
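To turn the upgrade recommendation into a repeatable check, the following Ruby script (added here as an example; it is not from the original post and not GitLab's own tooling) compares a self-hosted instance's reported version against the fixed releases named above. It assumes the version string comes from GitLab's `/api/v4/version` endpoint in the form `"17.8.3-ee"` (the sample response below is constructed), and that any release branch newer than 17.8 already carries the fix.

```ruby
# Added example: decide whether a self-hosted GitLab instance is on a fixed
# release (17.8.4, 17.7.6 or 17.6.5 per the advisory) and what to do if not.
require 'json'

# Fixed versions per release branch, taken from the advisory text.
FIXED_VERSIONS = ['17.8.4', '17.7.6', '17.6.5'].freeze

# Turn "17.8.3-ee" into [17, 8, 3]; the "-ee"/"-ce" suffix is dropped.
def parse_version(str)
  str.split('-').first.split('.').map(&:to_i)
end

# True when the version is at or above the fix for its own branch.
# Assumption: branches newer than the newest fixed one (17.9+) include the fix;
# branches older than 17.6 have no fix listed and must be upgraded.
def patched?(version_str)
  v = parse_version(version_str)
  fixes = FIXED_VERSIONS.map { |f| parse_version(f) }
  branch_fix = fixes.find { |f| f[0] == v[0] && f[1] == v[1] }
  target = branch_fix || fixes.max
  (v <=> target) >= 0
end

# Assess a JSON body as returned by GET /api/v4/version and return a
# hash with the version, the patch status and the recommended action.
def assess_instance(json_body)
  version = JSON.parse(json_body).fetch('version')
  ok = patched?(version)
  {
    version: version,
    patched: ok,
    action: ok ? 'no action required' :
                 'upgrade immediately, then rotate all CI/CD tokens and secrets'
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample response; a real run would fetch it with an admin token.
  sample = '{"version":"17.8.3-ee","revision":"0000000"}'
  puts assess_instance(sample).inspect
end
```

Run it against the JSON body of `/api/v4/version` from each instance you operate; an unpatched result should trigger both the upgrade and the secret rotation the advisory calls for, since the secrets on an unpatched instance must be treated as exposed.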

Hashtags: #GitLab #DevSecOps #SupplyChainSecurity #CI_CD #Vulnerability #AppSec
