CVE-2025-65954
Analyzed Analyzed - Analysis Complete
Open Redirect in SimpleSAMLphp-casserver

Publication date: 2026-05-18

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-27
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2025-65954
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
simplesamlphp simplesamlphp-module-casserver to 6.3.1 (exc)
simplesamlphp simplesamlphp-module-casserver 7.0.0
simplesamlphp simplesamlphp-module-casserver 7.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in SimpleSAMLphp-casserver versions below 6.3.1 and 7.0.0. The logout endpoint accepts a URL query parameter for redirection and treats this URL as trusted. Depending on the configuration, the server either redirects the browser to this URL or shows a logout confirmation page with a link to continue to that URL. This behavior can be exploited if the configuration has 'enable_logout' set to true and 'skip_logout_page' set to true.

Impact Analysis

This vulnerability can lead to an attacker causing a user to be redirected to an arbitrary URL after logout, which may facilitate phishing or other malicious activities. The CVSS score indicates a low to medium severity with no impact on confidentiality or availability, but a low impact on integrity. The attacker does not need privileges but requires user interaction.

Mitigation Strategies

To mitigate this vulnerability, upgrade SimpleSAMLphp-casserver to version 6.3.1 or 7.0.0 or later, where the issue has been resolved.

Additionally, review your configuration settings related to 'enable_logout' and 'skip_logout_page'. If 'enable_logout' is set to true and 'skip_logout_page' is also true, consider changing these settings to prevent untrusted redirects.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65954. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart