CVE-2025-25292

Summary

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

Affected Software

VendorProductVersion RangeStatus
SAML-Toolkitsruby-saml< 1.12.4affected
SAML-Toolkitsruby-saml>= 1.13.0, < 1.18.0affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature
  • CWE-436: CWE-436: Interpretation Conflict

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References