Page 200 - Red Hat PR REPORT - OCTOBER 2025
10/8/25, 3:33 PM Red Hat Confirms Security Breach in Self-Hosted GitLab Instance, Customer Data Exposed - CPO Magazine
Companies seemingly affected include Bank of America, Fidelity, Kaiser, AT&T, T-Mobile, Costco, Walmart, Mayo Clinic, the House of Representatives, U.S. Naval Surface Warfare Center, and the Federal Aviation Administration.
The Crimson Collective also claims to have already exploited the stolen
authentication tokens to compromise downstream customers.
“Btw gained access to some of their client’s infrastructure as well, already warned them but yeah they preferred ignoring us,” it stated.
The hacking group claims to have contacted Red Hat for ransom negotiations. However, the software giant allegedly replied with the generic “submit a vulnerability report” response, created a ticket, and kept reassigning it to additional staff members from various departments.
Red Hat implemented security measures
Meanwhile, Red Hat has implemented additional security measures to harden its systems and prevent a similar security breach.
“We have now implemented additional hardening measures designed to help prevent further access and contain the issue.”
The company also clarified that the security breach was unrelated to the OpenShift
AI vulnerability CVE-2025-10725 it had previously disclosed.
Nevertheless, it remains unclear how the threat actor breached Red Hat’s GitLab instance. GitLab had previously disclosed the vulnerabilities CVE-2024-5655 and CVE-2024-6385, but these are unlikely to have been the attackers’ route into the company’s infrastructure.
GitLab also confirmed that the data breach did not originate from its systems but from Red Hat’s self-hosted instance of the GitLab Community Edition, for which security is the user’s responsibility.
https://www.cpomagazine.com/cyber-security/red-hat-confirms-security-breach-in-self-hosted-gitlab-instance-customer-data-exposed/

