Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Created on 2025-03-13 05:57 and updated on 2025-03-13 05:57.

Description

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. More information: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Vulnerabilities included in this bundle

CVE-2024-45409: The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
CVE-2025-25292: Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
CVE-2024-9487:
CVE-2025-25291:

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Description

Vulnerabilities included in this bundle

Meta

Author

Combined sightings