CVE-2025-54419
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-07-29
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| node-saml | node-saml | 5.0.1 |
| xml-crypto | xml-crypto | 6.1.0 |
| node-saml | node-saml | 5.1.0 |
| xml-crypto | xml-crypto | 6.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54419 is a critical vulnerability in the Node-SAML library (published on npm as `@node-saml/node-saml`; affected versions 5.0.1 and earlier, fixed in 5.1.0). Node-SAML verified the XML signature on a SAML response but then loaded the assertion from the original, unsigned response document instead of from the parts of the document that the signature actually covered. An attacker who holds a validly signed SAML document from the identity provider (IdP) can therefore modify authentication details inside the assertion, such as altering the username by removing characters, without invalidating the signature, because the bytes that were verified and the bytes that are parsed are not the same. The root cause is improper authentication (CWE-287) resulting from incorrect signature verification (CWE-347). Version 5.1.0 fixes this by processing only the assertion content that the signature verification returned as signed. [1]
How can this vulnerability impact me?
This vulnerability is exploitable remotely over the network without privileges or user interaction, which is why it carries a CVSS score of 10.0 (Critical). An attacker who can obtain any validly signed assertion from the IdP (for example, one issued for a login they legitimately control) can alter authentication details such as the username and present the modified assertion to the service provider, potentially impersonating another user and gaining unauthorized access. The impact is on confidentiality and integrity: data belonging to the impersonated user can be read or altered, and the service provider's authentication decisions can no longer be trusted. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with inventory: find every installed copy of the package, including nested copies installed under other dependencies, and compare each version against the fixed release. Affected versions are 5.0.1 and below; 5.1.0 is fixed. In the application directory run `npm ls @node-saml/node-saml` (or `npm list @node-saml/node-saml`), and `npm ls xml-crypto` for the dependency that the fix relies on; `npm audit` will also report the advisory once it is in the registry's advisory database. For evidence of exploitation, inspect logged SAML responses (if your service provider logs them) for assertions whose parsed values, such as the subject identifier, differ from the signed content. The resources do not provide a ready-made command for that comparison; a custom script that verifies the signature and compares the verified content with what the application parsed is needed. [1]
What immediate steps should I take to mitigate this vulnerability?
Upgrade Node-SAML (`@node-saml/node-saml`) to version 5.1.0 or later, where the vulnerability is fixed. The fix verifies the XML signature through the `.signedReferences` interface of the `xml-crypto` package and processes only the assertion content that this verification returns as signed, so the upgrade must also bring `xml-crypto` to ^6.1.2 or later; confirm this with `npm ls xml-crypto` after updating and regenerate the lockfile if an older copy is still pinned. Once both packages are current, an attacker can no longer change authentication details inside an assertion without breaking the signature. Until the upgrade is applied, treat SAML logins accepted by the vulnerable version as untrusted and review service-provider and IdP logs for assertions whose subject data does not match what the IdP issued. [1, 2]