CVE-2025-11702
📋 TL;DR
This vulnerability allows authenticated GitLab users with specific permissions to hijack project runners from other projects, potentially executing unauthorized code or accessing sensitive data. It affects GitLab EE versions 17.1 through 18.3.4, 18.4 through 18.4.2, and 18.5 through 18.5.0.
💻 Affected Systems
- GitLab Enterprise Edition
📦 What is this software?
Gitlab by Gitlab
GitLab is a complete DevOps platform providing source code management, CI/CD pipelines, security scanning, container registry, and collaboration tools used by millions of developers and thousands of enterprises worldwide. As both a cloud-hosted SaaS offering (GitLab.com) and self-managed software, G...
⚠️ Risk & Real-World Impact
Worst Case
An attacker could compromise CI/CD pipelines, steal credentials, exfiltrate source code, or deploy malicious code to production environments.
Likely Case
Unauthorized access to project runners leading to data leakage, pipeline manipulation, or resource abuse.
If Mitigated
Limited impact with proper access controls, monitoring, and network segmentation in place.
🎯 Exploit Status
Exploitation requires authenticated access and specific permissions; detailed technical information is available in the HackerOne report.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.3.5, 18.4.3, or 18.5.1
Vendor Advisory: https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/
Restart Required: Yes
Instructions:
1. Backup your GitLab instance.
2. Update to GitLab EE 18.3.5, 18.4.3, or 18.5.1 using your preferred method (Omnibus, Helm, source).
3. Restart GitLab services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Runner Access
Limit project runner permissions to trusted users only and review existing assignments.
🧯 If You Can't Patch
- Review and restrict user permissions for project runner management.
- Implement network segmentation to isolate GitLab runners from sensitive systems.
🔍 How to Verify
Check if Vulnerable:
Check your GitLab version via the admin interface or by running 'sudo gitlab-rake gitlab:env:info' on the server.
Check Version:
sudo gitlab-rake gitlab:env:info | grep 'GitLab version'
Verify Fix Applied:
Confirm the GitLab version is 18.3.5, 18.4.3, or 18.5.1 or higher.
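The version check above can be scripted so that the output of `gitlab-rake gitlab:env:info` is compared against the advisory's affected ranges rather than read by eye. The following is an added example, not part of the advisory or GitLab's own tooling; the sample `env:info` output is constructed (the revision string is a placeholder), and the parser assumes the `Version:` line sits under the `GitLab information` header as in real output, with a fallback to a `GitLab version:` line.

```python
import re

# Affected ranges stated in the advisory, as [first affected, first fixed) tuples.
AFFECTED_RANGES = [
    ((17, 1, 0), (18, 3, 5)),
    ((18, 4, 0), (18, 4, 3)),
    ((18, 5, 0), (18, 5, 1)),
]

def parse_version(env_info: str):
    """Extract (major, minor, patch) from `gitlab-rake gitlab:env:info` output.

    The 'GitLab Shell' block has its own Version line, so we scope the search
    to the 'GitLab information' block when that header is present and fall
    back to a 'GitLab version:' line otherwise. A '-ee' suffix is ignored.
    """
    start = env_info.find("GitLab information")
    scope = env_info[start:] if start >= 0 else env_info
    m = re.search(r"^(?:GitLab v|V)ersion:\s*(\d+)\.(\d+)\.(\d+)", scope, re.M)
    if not m:
        raise ValueError("no GitLab version line found")
    return tuple(int(x) for x in m.groups())

def affected_range(version):
    """Return the (first affected, first fixed) range containing version, else None."""
    for lo, fixed in AFFECTED_RANGES:
        if lo <= version < fixed:
            return lo, fixed
    return None

def assess(env_info: str) -> dict:
    """Classify an instance and name the patch release that closes its branch."""
    version = parse_version(env_info)
    rng = affected_range(version)
    return {
        "version": ".".join(map(str, version)),
        "vulnerable": rng is not None,
        "fix": ".".join(map(str, rng[1])) if rng else None,
    }

# Constructed sample shaped like gitlab:env:info output (not captured from a real host).
SAMPLE_ENV_INFO = """System information
System:\t\tUbuntu 22.04
Current User:\tgit

GitLab information
Version:\t18.4.1-ee
Revision:\tPLACEHOLDER

GitLab Shell
Version:\t14.44.0
"""

if __name__ == "__main__":
    print(assess(SAMPLE_ENV_INFO))  # {'version': '18.4.1', 'vulnerable': True, 'fix': '18.4.3'}
```

Pipe real output in with `sudo gitlab-rake gitlab:env:info | python3 check.py` after replacing the sample with `sys.stdin.read()`; a version newer than every listed fix release (for example 18.6.x) is reported as not vulnerable, matching the "or higher" wording above.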
📡 Detection & Monitoring
Log Indicators:
- Unauthorized runner assignment logs
- Suspicious API calls to runner endpoints
Network Indicators:
- Unexpected outbound connections from runners
- Unusual traffic patterns to/from GitLab instance
SIEM Query:
source="gitlab" AND (event="runner_assigned" OR event="runner_modified") AND user NOT IN [trusted_users]