CVE-2025-40758

Summary

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.

Affected Software

VendorProductVersion RangeStatus
SiemensMendix SAML (Mendix 10.12 compatible)0 < V4.0.3affected
SiemensMendix SAML (Mendix 10.21 compatible)0 < V4.1.2affected
SiemensMendix SAML (Mendix 9.24 compatible)0 < V3.6.21affected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References