GitLab CVE-2025-2256: Brief Summary of SAML DoS Vulnerability and Affected Versions

A brief summary of CVE-2025-2256, a denial of service vulnerability in GitLab CE and EE SAML authentication affecting versions 7.12 through 18.1.5, 18.2.0 through 18.2.5, and 18.3.0 through 18.3.1. Includes technical details, affected versions, and references to official advisories.
ZeroPath CVE Analysis
2025-09-11

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.


Introduction

Development teams relying on GitLab for source code management and CI/CD could face total service disruption from a single network-based attack. CVE-2025-2256 allows any unauthenticated external actor to send multiple large SAML responses, making affected GitLab instances unresponsive to all legitimate users.

About GitLab: GitLab is a widely adopted DevSecOps platform with millions of users worldwide. It powers source code management, CI/CD, and project collaboration for organizations of all sizes. Both Community Edition (CE) and Enterprise Edition (EE) are used across industries, making vulnerabilities in GitLab highly impactful for the global technology ecosystem.

Technical Information

CVE-2025-2256 is a denial of service vulnerability in the SAML authentication flow of GitLab CE and EE. The vulnerability is rooted in improper validation of the size and concurrency of SAML responses (CWE-1284: Improper Validation of Specified Quantity in Input).

Mechanism:

  • An attacker sends multiple concurrent SAML authentication requests with excessively large SAML responses to the GitLab SAML endpoint.
  • GitLab fails to properly validate or limit the size and number of these incoming SAML responses.
  • The authentication subsystem becomes overwhelmed, consuming excessive CPU and memory resources.
  • This leads to resource exhaustion, causing the instance to become unresponsive to all users.

Key technical points:

  • No authentication is required to exploit this issue.
  • The attack can be launched remotely against any GitLab instance with SAML authentication enabled.
  • The vulnerability affects both Community and Enterprise Editions.
  • Discovered and responsibly disclosed by yuki_osaki via HackerOne.
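As an added illustration (not GitLab's code and not its actual fix), the Ruby guard below shows the two controls the mechanism above says were missing, a cap on the size of the SAMLResponse parameter and a cap on concurrently processed SAML callbacks, both enforced before the response is base64-decoded or parsed. The class name, the limit values and the form-body interface are assumptions.

```ruby
require 'base64'
require 'cgi'

# Guard for a SAML assertion-consumer (callback) endpoint: caps the size of the
# SAMLResponse parameter and the number of callbacks processed concurrently,
# and enforces both before any base64 decoding or XML parsing takes place.
class SamlResponseGuard
  # Assumed limits for illustration; tune them to real IdP responses and load.
  DEFAULT_MAX_ENCODED_BYTES = 64 * 1024
  DEFAULT_MAX_IN_FLIGHT     = 8

  def initialize(max_bytes: DEFAULT_MAX_ENCODED_BYTES, max_in_flight: DEFAULT_MAX_IN_FLIGHT)
    @max_bytes = max_bytes
    @max_in_flight = max_in_flight
    @in_flight = 0
    @lock = Mutex.new
  end

  # Processes one application/x-www-form-urlencoded POST body.
  # Returns [:ok, decoded_xml] or [:reject, reason]. An optional block runs
  # with the decoded XML while the concurrency slot is still held.
  def handle(form_body)
    return [:reject, 'too many concurrent SAML callbacks'] unless acquire_slot
    begin
      encoded = CGI.parse(form_body)['SAMLResponse'].first
      return [:reject, 'missing SAMLResponse'] if encoded.nil? || encoded.empty?
      # Reject on the encoded length so an oversized body is never expanded.
      return [:reject, "SAMLResponse too large: #{encoded.bytesize} bytes"] if encoded.bytesize > @max_bytes
      # Strict decoding raises on malformed input instead of silently truncating.
      xml = begin
        Base64.strict_decode64(encoded)
      rescue ArgumentError
        return [:reject, 'SAMLResponse is not valid base64']
      end
      yield xml if block_given?
      [:ok, xml]
    ensure
      @lock.synchronize { @in_flight -= 1 }
    end
  end

  def in_flight
    @lock.synchronize { @in_flight }
  end

  # Claims a slot atomically; returns false when the cap is already reached.
  def acquire_slot
    @lock.synchronize { @in_flight < @max_in_flight && (@in_flight += 1) }
  end
end
```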

Affected Systems and Versions

  • GitLab Community Edition (CE) and Enterprise Edition (EE)
  • All versions from 7.12 before 18.1.6
  • 18.2 before 18.2.6
  • 18.3 before 18.3.2
  • Any deployment with SAML authentication enabled is vulnerable

Vendor Security History

GitLab has previously patched critical vulnerabilities in authentication, including SAML-related flaws (e.g., CVE-2024-45409, CVE-2025-25291, CVE-2025-25292). The vendor maintains a monthly release cycle and a public bug bounty program. Their response to critical vulnerabilities is typically prompt, with coordinated advisories and patches across supported versions.
