TLS Vulnerability in psPAS PowerShell Module Affects SAML Authentication Process
CVE-2025-59270

2.3 LOW

Key Information:

Vendor: Pspete

Status
Vendor
CVE Published: 16 September 2025

What is CVE-2025-59270?

The psPAS PowerShell module has a vulnerability in the 'Get-PASSAMLResponse' function, which fails to enforce TLS 1.2 for SAML authentication. An unauthenticated attacker in a man-in-the-middle position can manipulate the TLS handshake and downgrade the connection to a deprecated protocol, exposing sensitive data and compromising the security of the authentication process. To mitigate this risk, users should upgrade to version 7.0.209 or later.

Affected Version(s)

psPAS 6.4.85 < 7.0.209

psPAS 7.0.209
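
The following PowerShell audit is an added example, not code from psPAS or from the advisory. It flags installed psPAS copies inside the version range listed above and reports whether the session's .NET TLS setting still permits protocols older than TLS 1.2. The function names `Test-PsPasVersionAffected` and `Get-PsPasExposure` are hypothetical.

```powershell
# Added example: audit this host for psPAS versions in the range the page lists.
$AffectedFrom = [version]'6.4.85'   # lower bound from "Affected Version(s)"
$FixedIn      = [version]'7.0.209'  # fixed version from the upgrade advice

function Test-PsPasVersionAffected {
    param([Parameter(Mandatory)][version]$Version)
    # Affected when AffectedFrom <= Version < FixedIn
    return ($Version -ge $AffectedFrom) -and ($Version -lt $FixedIn)
}

function Get-PsPasExposure {
    # Check every copy on PSModulePath: an older side-by-side version
    # can still be loaded with Import-Module -RequiredVersion.
    foreach ($m in @(Get-Module -ListAvailable -Name psPAS)) {
        [pscustomobject]@{
            Version  = $m.Version
            Path     = $m.ModuleBase
            Affected = Test-PsPasVersionAffected -Version $m.Version
        }
    }
}

$report = @(Get-PsPasExposure)
if ($report.Count -eq 0) {
    Write-Output 'psPAS not found on PSModulePath.'
} else {
    $report | Sort-Object Version | Format-Table -AutoSize
    if ($report.Affected -contains $true) {
        # If the module came from the PowerShell Gallery: Update-Module -Name psPAS
        Write-Warning "Affected psPAS version present; upgrade to $FixedIn or later."
    }
}

# Defence in depth (an assumption of this example, not the project's fix):
# Windows PowerShell 5.1 web cmdlets honour this session-wide setting.
$weak    = [Net.SecurityProtocolType]'Ssl3, Tls, Tls11'
$current = [Net.ServicePointManager]::SecurityProtocol
if (([int]$current -band [int]$weak) -ne 0) {
    Write-Warning "Session allows protocols older than TLS 1.2: $current"
} else {
    Write-Output "Session SecurityProtocol: $current"
}
```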

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Cristian Gaber