Red Hat Confirms GitLab Cybersecurity Incident Involving Consulting Data

Red Hat has disclosed a breach affecting a specific GitLab environment used by its consulting team. The incident, which the company says does not impact its software supply chain or core products, involved unauthorized access to data related to client engagements.

According to Red Hat, the compromised GitLab instance was used internally for collaboration on select consulting projects. The environment contained items such as project documentation, code examples, automation tools, and internal notes. The company stated it had launched a full investigation, removed unauthorized access, isolated the environment, and notified relevant authorities.

While Red Hat continues to review the scope of the breach, it maintains that this GitLab instance is separate from Red Hat’s main software development infrastructure and product repositories.

According to International Cyber Digest, claims of the breach first surfaced on Telegram, where a group calling itself the Crimson Collective claimed responsibility. The group alleges it obtained over 570 GB of data from more than 28,000 repositories, including around 800 Customer Engagement Reports (CERs). These CERs may contain detailed information about client networks, including configurations, deployment scripts, VPN settings, and internal tools.

Cybersecurity researchers have warned that such data, if genuine, could provide attackers with a roadmap to exploit customer infrastructure. Screenshots shared by the attackers list files and directories referencing several major organizations, including government agencies, telecoms, and financial institutions. However, the full extent and authenticity of these claims remain unverified.

Red Hat stressed that this breach is unrelated to a recently disclosed critical vulnerability (CVE-2025-10725) in OpenShift AI, which allows privilege escalation within container environments. The company reiterated that the GitLab incident did not involve its broader development platforms or customer-facing systems.

Red Hat has committed to informing affected parties directly if their data is found to be impacted. In the meantime, it continues to treat the matter as a high priority and is proceeding with further analysis and containment.