Authentication Bypass Vulnerability in ruby-saml by SAML Toolkits
CVE-2025-25292

9.3CRITICAL

Key Information:

Vendor

Saml-toolkits

Status
Ruby-saml
Vendor
CVE Published:
12 March 2025

Badges

đź“° News Worthy

What is CVE-2025-25292?

An authentication bypass vulnerability exists in the ruby-saml library, which provides SAML single sign-on (SSO) capabilities. Due to differences in XML parsing between ReXML and Nokogiri, an attacker could exploit this discrepancy to perform a Signature Wrapping attack. This vulnerability affects versions of ruby-saml prior to 1.12.4 and 1.18.0, allowing unauthorized access if not patched. The issue is addressed in the specified versions, making it essential for users to update their installations to mitigate potential risks. For more details on the security patch, please refer to the official repositories.

Affected Version(s)

ruby-saml < 1.12.4 < 1.12.4

ruby-saml >= 1.13.0, < 1.18.0 < 1.13.0, 1.18.0

News Articles

favicon imageSecurity Affairs

GitLab addressed critical auth bypass flaws in CE and EE)

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE).

References

https://github.com/SAML-Toolkits/ruby-saml/security/advis...
x_refsource_CONFIRM
https://github.com/omniauth/omniauth-saml/security/adviso...
x_refsource_MISC
https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b3...
x_refsource_MISC

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • đź“°

    First article discovered by Security Affairs

  • Vulnerability published

  • Vulnerability Reserved

.