CVE-2025-25292
Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
Reserved 2025-02-06 | Published 2025-03-12 | Updated 2025-03-15 | Assigner GitHub_MCWE-347: Improper Verification of Cryptographic Signature
CWE-436: Interpretation Conflict
github.com/...y-saml/security/advisories/GHSA-754f-8gm6-c4r2
github.com/...h-saml/security/advisories/GHSA-hw46-3hmr-x9xv
github.com/...ommit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
github.com/...ommit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
about.gitlab.com/.../12/patch-release-gitlab-17-9-2-released
github.blog/...-sso-authentication-with-parser-differentials
github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
Support options
