CVE-2025-66567
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-10
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruby-saml | ruby-saml | 1.12.4 |
| ruby-saml | ruby-saml | 1.18.0 |
| onelogin | ruby-saml | to 1.18.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the ruby-saml library versions up to 1.12.4 and is an authentication bypass caused by an incomplete fix for a previous vulnerability (CVE-2025-25292). The issue arises because the XML parsers ReXML and Nokogiri interpret the same XML input differently, resulting in different document structures. This discrepancy allows an attacker to perform a Signature Wrapping attack, bypassing authentication checks. The vulnerability is fixed in version 1.18.0 of ruby-saml.
How can this vulnerability impact me?
This vulnerability can allow an attacker to bypass authentication mechanisms in applications using vulnerable versions of ruby-saml. By exploiting the Signature Wrapping attack, an attacker could gain unauthorized access to systems or data that rely on ruby-saml for SAML authorization, potentially leading to data breaches or unauthorized actions within the affected system.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the ruby-saml library to version 1.18.0 or later, as this version contains the fix for the authentication bypass vulnerability caused by the incomplete fix in earlier versions.
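As an added defensive illustration (not code from the BaseFortify record or from the ruby-saml project), the check below runs over a SAML Response before it is handed to the SAML library and rejects documents in which the signed element cannot be identified unambiguously: duplicate ID attributes, or a ds:Reference URI that resolves to zero or more than one element. Those are the structural ambiguities a Signature Wrapping attack depends on, independent of which parser is in use. It relies on Ruby's bundled REXML only, so it does not itself compare ReXML and Nokogiri; the function name, the sample responses and their element IDs are constructed for the example. It complements the upgrade to 1.18.0 and does not replace it.

```ruby
require 'rexml/document'

# XML Digital Signature namespace used by SAML signatures.
DS_NS = 'http://www.w3.org/2000/09/xmldsig#'

# Returns a list of findings (empty means no structural ambiguity found).
# Hypothetical pre-check, not part of ruby-saml.
def signature_reference_findings(xml)
  doc = REXML::Document.new(xml)
  findings = []

  # Count how many elements carry each ID value; a signature reference can
  # only be trusted if the ID it names belongs to exactly one element.
  ids = Hash.new(0)
  REXML::XPath.each(doc, '//*[@ID]') { |el| ids[el.attributes['ID']] += 1 }
  ids.each { |id, n| findings << "duplicate ID #{id} (#{n} elements)" if n > 1 }

  refs = REXML::XPath.match(doc, '//ds:Reference', { 'ds' => DS_NS })
  findings << 'no ds:Reference found' if refs.empty?

  refs.each do |ref|
    uri = ref.attributes['URI'].to_s
    unless uri.start_with?('#')
      # Only same-document fragment references are expected in SAML.
      findings << "non-fragment Reference URI #{uri.inspect}"
      next
    end
    count = ids[uri[1..]]
    findings << "Reference #{uri} resolves to #{count} elements" unless count == 1
  end

  findings
end

# Constructed sample: one signed Response whose Reference names the Response ID.
CLEAN_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo>
    </ds:Signature>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1"/>
  </samlp:Response>
XML

# Constructed sample: a second element reuses the referenced ID, so the
# signed element is ambiguous and the document must be rejected.
AMBIGUOUS_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_r1"/></ds:SignedInfo>
    </ds:Signature>
    <samlp:Extensions ID="_r1"/>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1"/>
  </samlp:Response>
XML

if __FILE__ == $PROGRAM_NAME
  [CLEAN_RESPONSE, AMBIGUOUS_RESPONSE].each do |xml|
    findings = signature_reference_findings(xml)
    puts(findings.empty? ? 'accept' : "reject: #{findings.join('; ')}")
  end
end
```

A non-empty result should fail the request outright rather than fall through to the library's own verification; the point of the guard is that it runs before any reference resolution the library performs.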