VDB

CVE-2025-25292

CVE-2025-25292 PUBLISHED

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.

EPSS 3.32% · 87.5th percentile

Risk Scores

EPSS Score
3.32%
87.5th percentile

Affected Products

VendorProductVersions
Bitnamigitlab0
Bitnamigitlab0

Timeline

  • Mar 12, 2025 CVE Published
  • Mar 13, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Apr 23, 2025 EPSS Score
  • May 6, 2025 EPSS Score
  • Jun 2, 2025 EPSS Score
  • Jun 16, 2025 EPSS Score
  • Jul 13, 2025 EPSS Score
  • Jul 27, 2025 EPSS Score
  • Aug 9, 2025 EPSS Score
  • Aug 13, 2025 EPSS Score
  • Aug 23, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›