CVE-2025-40758
BaseFortify
Publication date: 2025-08-14
Last updated on: 2025-08-15
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mendix | saml | * |
| mendix | saml | 4.1.2 |
| mendix | saml | 3.6.21 |
| mendix | saml | 4.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in certain versions of the Mendix SAML module where the module does not properly enforce signature validation and binding checks. This flaw could allow unauthenticated remote attackers to hijack user accounts in specific Single Sign-On (SSO) configurations.
How can this vulnerability impact me? :
The vulnerability can lead to account hijacking by unauthenticated remote attackers, potentially compromising user accounts and allowing unauthorized access to systems relying on the affected Mendix SAML module for authentication.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Mendix SAML module to a fixed version: at least V4.0.3 for Mendix 10.12 compatible versions, V4.1.2 for Mendix 10.21 compatible versions, or V3.6.21 for Mendix 9.24 compatible versions. These updates address the insufficient enforcement of signature validation and binding checks that allow account hijacking.