216.73.217.64

CVE-2025-25292

· Published 12/03/2025 21:15 · Modified 12/03/2025 22:15

Labels: CVE-2025-25292 2025-03-12CVE-2025-25292CWE-347[email protected]

Essential information

Published
12/03/2025 21:15
Modified
12/03/2025 22:15
Author
Creator
CISA KEV
No
CWE

Description

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ruby-saml / ruby-saml cpe:2.3:a:ruby-saml:ruby-saml:*:*:*:*:*:*:*:*

References