CVE-2025-11865: GitLab Duo Flow Removal Vulnerability – Upgrade Immediately!

Overview

CVE-2025-11865 is a medium severity vulnerability affecting GitLab EE (Enterprise Edition). Under specific, currently unspecified circumstances, it allows a malicious actor to remove the Duo authentication flows configured by another user. Removing those flows can bypass Multi-Factor Authentication (MFA) for the targeted user and so weaken the protection on their account.

The vulnerability impacts GitLab EE versions 18.1 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2.

Technical Details

The specific attack vector has not been disclosed, but the core issue is insufficient authorization checking in the Duo integration of GitLab EE: the action that removes a user's Duo configuration does not adequately verify that the requester is that user. An attacker could potentially manipulate requests, or exploit a flaw in the user interface, to trigger the removal of another user's Duo configuration.

Further technical analysis may be released at a later date pending further investigation by the GitLab security team.

CVSS Analysis

  • CVE ID: CVE-2025-11865
  • Severity: MEDIUM
  • CVSS Score: 4.3

A CVSS score of 4.3 corresponds to medium severity. The attacker must satisfy "certain circumstances" to exploit the issue, which limits the score, but because the outcome is an MFA bypass the vulnerability still justifies prompt remediation.

Possible Impact

The primary impact of this vulnerability is the potential compromise of user accounts. Removing a user's Duo authentication strips the second factor, so an attacker who already holds, or can obtain, the victim's username and password could then sign in to the victim's GitLab account. This can lead to:

  • Data breaches and exposure of sensitive information stored in GitLab.
  • Code tampering and malicious commits within Git repositories.
  • Disruption of development workflows and CI/CD pipelines.
  • Account takeover and misuse of the compromised user’s permissions.

Mitigation and Patch Steps

The recommended mitigation is to upgrade your GitLab EE instance to the latest patched version. Specifically:

  • Upgrade to version 18.3.6 or higher if you are running any version from 18.1 up to, but not including, 18.3.6 (the 18.1.x, 18.2.x and 18.3.x series).
  • Upgrade to version 18.4.4 or higher if you are using a version in the 18.4.x series.
  • Upgrade to version 18.5.2 or higher if you are using a version in the 18.5.x series.

These versions contain the necessary fixes to address CVE-2025-11865.
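To decide quickly which of the three fixed releases an installation needs, the version string an instance reports can be compared against the three affected ranges given above. The following is an added example, not code from the advisory or from GitLab; the version ranges are taken from this advisory, and the inventory at the bottom is constructed sample data.

```python
# Added example: classify a GitLab EE version against the CVE-2025-11865
# affected ranges and name the fixed release it should move to.
from typing import Optional, Tuple

Version = Tuple[int, ...]

# (first affected, first fixed) pairs from the advisory:
# 18.1 before 18.3.6, 18.4 before 18.4.4, 18.5 before 18.5.2
AFFECTED_RANGES = [
    ((18, 1, 0), (18, 3, 6)),
    ((18, 4, 0), (18, 4, 4)),
    ((18, 5, 0), (18, 5, 2)),
]


def parse_version(text: str) -> Version:
    """Turn '18.3.5-ee' or '18.4.1' into a comparable tuple like (18, 3, 5)."""
    core = text.strip().split("-")[0]  # drop an '-ee' / '-ce' edition suffix
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return tuple(int(p) for p in parts)


def required_upgrade(version_text: str) -> Optional[str]:
    """Return the minimum fixed version if the install is affected, else None.

    Versions below 18.1 and versions at or above each fixed release lie
    outside the ranges the advisory names, so they return None.
    """
    v = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> version reported by the instance)
    inventory = {
        "gitlab-prod": "18.3.5-ee",
        "gitlab-staging": "18.4.4-ee",
        "gitlab-legacy": "18.0.9-ee",
    }
    for host, ver in inventory.items():
        fix = required_upgrade(ver)
        print(f"{host}: {ver} -> {'upgrade to ' + fix if fix else 'not in affected range'}")
```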

Follow the official GitLab upgrade documentation for detailed instructions.
