CVE-2025-25291CRITICAL 9.8EPSS p97.0%

CVE-2025-25291CVE-2025-25291

Description

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS19.51% probability of exploitation · percentile 97.0% · 2026-06-19T12:03:05Z
Published2025-03-12
Last modified2025-11-03

Underlying weaknesses· 2

CWE-347CWE-436

References

  1. https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
  2. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
  3. https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
  4. https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
  5. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
  6. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
  7. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
  8. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv

2

TypeTargetConfidenceTier
WeaknessImproper Verification of Cryptographic Signaturecwe-3470%live
WeaknessInterpretation Conflictcwe-4360%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-25292
CVE
CVE-2025-66567
CVE
CVE-2025-66568
CVE
CVE-2026-46490
CVE
CVE-2025-54419
CVE
CVE-2025-27773
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.