CVE-2025-66567 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-66567 PUBLISHED CVSS 9.300000190734863 CRITICAL

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

EPSS 0.04% · 13.2th percentile

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS Score

0.04%

13.2th percentile

Affected Products

Vendor	Product	Versions
RubyGems	ruby-saml	0
SAML-Toolkits	ruby-saml	< 1.18.0
onelogin	ruby-saml	0

Timeline

Dec 8, 2025 CVE Published
Dec 9, 2025 EPSS Score
Dec 9, 2025 PoC Published
Dec 9, 2025 PoC Published
Dec 9, 2025 PoC Published
Dec 10, 2025 PoC Published
Dec 11, 2025 PoC Published
Dec 12, 2025 CVE Updated
Dec 13, 2025 EPSS Score
Dec 16, 2025 EPSS Score
Dec 20, 2025 EPSS Score
Dec 24, 2025 EPSS Score

References

Open in Interactive Console →