GitLab addressed critical auth bypass flaws in CE and EE

GitLab released security updates to address nine vulnerabilities, including two critical authentication bypass flaws in Community Edition (CE) and Enterprise Edition (EE). The flaws, CVE-2025-25291 and CVE-2025-25292, allow attackers with a valid signed SAML document to impersonate users within the same SAML IdP, potentially leading to data breaches and privilege escalation. GitLab Dedicated customers receive automatic updates, while self-managed users must apply updates manually.
