VDB

CVE-2025-66567

CVE-2025-66567 PUBLISHED CVSS 9.300000190734863 CRITICAL

Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

EPSS 0.05% · 16.1th percentile

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
0.05%
16.1th percentile

Affected Products

VendorProductVersions
RubyGemsruby-saml0
SAML-Toolkitsruby-saml*
oneloginruby-saml0

Timeline

  • Dec 8, 2025 CVE Published
  • Dec 9, 2025 EPSS Score
  • Dec 9, 2025 PoC Published
  • Dec 9, 2025 PoC Published
  • Dec 9, 2025 PoC Published
  • Dec 10, 2025 PoC Published
  • Dec 11, 2025 PoC Published
  • Dec 12, 2025 CVE Updated
  • Dec 13, 2025 EPSS Score
  • Dec 17, 2025 EPSS Score
  • Dec 22, 2025 EPSS Score
  • Dec 26, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›