#VU105688 Improper Verification of Cryptographic Signature in SAML SSO for Ruby - CVE-2025-25292


Vulnerability identifier: #VU105688

Vulnerability risk: High

CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-25292

CWE-ID: CWE-347

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SAML SSO for Ruby
Web applications / Other software

Vendor: SAML-Toolkits

Description

The vulnerability allows a remote attacker to bypass authentication on the system.

The vulnerability exists due to a parser differential. A remote attacker can execute a Signature Wrapping attack on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SAML SSO for Ruby: 1.0.0, 1.1.0 - 1.17.0, 1.2.0, 1.3.0 - 1.3.1, 1.4.0 - 1.4.3, 1.5.0, 1.6.0 - 1.6.2, 1.7.0 - 1.7.2, 1.8.0, 1.9.0

External links
https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE)
Multiple vulnerabilities in SAML SSO for Ruby