VDB
WID-SEC-W-2025-0561
WID-SEC-W-2025-0561
PUBLISHED
RubySAML ist eine Authentifizierungsbibliothek.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu Linux | ||
| NetApp StorageGRID | ||
| Hashicorp Terraform <v202502-2 | ||
| Open Source Ruby SAML <1.18.0 | ||
| v202502 | ||
| Open Source Ruby SAML <1.12.4 | ||
| Debian Linux | ||
| Open Source Ruby SAML 1.18.0 | ||
| Open Source Ruby SAML 1.12.4 |
Exploit Intelligence
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0561.json (circl)
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0561 (circl)
- https://discuss.hashicorp.com/t/hcsec-2025-05-terraform-enterprise-s-single-sign-on-and-ruby-saml-s-cve-2025-25291-and-cve-2025-25292/73824 (circl)
- https://security.netapp.com/advisory/ntap-20250314-0008/ (circl)
- https://security.netapp.com/advisory/ntap-20250314-0009/ (circl)
- https://ubuntu.com/security/notices/USN-7409-1 (circl)
- https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html (circl)
- CVE-2025-25293.yml (github-poc)
Timeline
- Mar 13, 2025 CVE Published
- Apr 6, 2025 CVE Updated
- Apr 2, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0561.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0561 advisory
- https://discuss.hashicorp.com/t/hcsec-2025-05-terraform-enterprise-s-single-sign-on-and-ruby-saml-s-cve-2025-25291-and-cve-2025-25292/73824 url
- https://security.netapp.com/advisory/ntap-20250314-0008/ url
- https://security.netapp.com/advisory/ntap-20250314-0009/ url
- https://ubuntu.com/security/notices/USN-7409-1 url
- https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html url