CVE-2025-65954
Open Redirect in SimpleSAMLphp-casserver
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simplesamlphp | casserver | Before 6.3.1 (fixed in 6.3.1 and 7.0.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in SimpleSAMLphp-casserver versions before 6.3.1 (fixed in 6.3.1 and 7.0.0). The logout endpoint accepts a URL in a query parameter and treats it as trusted: depending on configuration, the server either redirects the browser straight to that URL or renders a logout confirmation page whose "continue" link points at it. Because the target is never validated, an attacker can hand a user a logout link that ends on a site of the attacker's choosing. The issue is exploitable when 'enable_logout' is set to true and 'skip_logout_page' is also set to true, in which case the redirect happens immediately, without the confirmation page.
How can this vulnerability impact me?
An attacker can craft a logout link that, once the user's CAS session is ended, sends the browser to an arbitrary URL. Since the link starts on the trusted CAS server, it is a convenient basis for phishing, for example a look-alike login page that harvests the credentials the user just used. The CVSS vector records no impact on confidentiality or availability and a low impact on integrity; no privileges are required, but the victim must follow the link (user interaction required), which puts the severity in the low-to-medium range.
What immediate steps should I take to mitigate this vulnerability?
Upgrade SimpleSAMLphp-casserver to 6.3.1, or to 7.0.0 or later, where the issue has been resolved.
Until you can upgrade, review 'enable_logout' and 'skip_logout_page'. With both set to true the server redirects immediately to the attacker-supplied URL; setting 'skip_logout_page' to false (or disabling logout) means the user at least sees the confirmation page before leaving the CAS server, although the page still carries the untrusted link, so this reduces the exposure rather than removing it.
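As an added example (not code from the SimpleSAMLphp-casserver project or from this advisory): a Python model of the logout endpoint described in the explanation above, showing the unvalidated redirect beside the allowlist check that the mitigation step calls for, with the two configuration keys the Q&A names deciding whether the outcome is an immediate redirect or a confirmation page. The allowlist `LEGAL_SERVICE_URLS`, the fallback path and the way `handle_logout` combines the settings are assumptions for illustration, not the project's own logic.

```python
from urllib.parse import urlsplit

# Constructed allowlist of the service URLs this CAS server is willing to send
# users back to. The name and the entries are assumptions for this example;
# a real deployment would take them from its own configuration.
LEGAL_SERVICE_URLS = (
    "https://app.example.org/",
    "https://portal.example.org/cas/",
)

FALLBACK = "/"  # where a rejected target is sent instead (assumed default)


def vulnerable_logout_target(params):
    """Models the pre-fix behaviour: whatever arrives in ?url= is trusted."""
    return params.get("url", FALLBACK)


def safe_logout_target(params, legal=LEGAL_SERVICE_URLS, fallback=FALLBACK):
    """Returns the ?url= value only if it matches a registered service URL prefix.

    Anything that fails a check falls back to a local path, so the user is
    never sent off-site on the strength of an unvalidated parameter.
    """
    url = params.get("url")
    if not url:
        return fallback
    # Whitespace, C0 controls and backslashes are rejected outright: browsers
    # strip or normalise them (e.g. "\\" -> "/") in ways a parser may not.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in url):
        return fallback
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal "https://[evil/"
        return fallback
    # Only absolute http(s) URLs with a host are candidates; this also drops
    # scheme-relative "//evil.example/" and "javascript:" pseudo-URLs.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return fallback
    # "https://app.example.org@evil.example/" parses with userinfo; reject it.
    if parts.username is not None or parts.password is not None:
        return fallback
    for prefix in legal:
        p = urlsplit(prefix)
        # Exact scheme and host (case-insensitive), path must stay under the
        # registered prefix. Deliberately strict: no suffix or substring match.
        if (parts.scheme == p.scheme
                and parts.netloc.lower() == p.netloc.lower()
                and (parts.path or "/").startswith(p.path)):
            return url
    return fallback


def handle_logout(params, config, validate=True):
    """Models the logout endpoint's outcome for a given configuration.

    'enable_logout' and 'skip_logout_page' are the settings the advisory
    names; how this function combines them is an assumption for illustration.
    Returns (action, target): action is 'disabled', 'redirect' or 'page'.
    """
    if not config.get("enable_logout", False):
        return ("disabled", None)
    picker = safe_logout_target if validate else vulnerable_logout_target
    target = picker(params)
    if config.get("skip_logout_page", False):
        return ("redirect", target)      # browser sent straight to target
    return ("page", target)              # confirmation page links to target


if __name__ == "__main__":
    cfg = {"enable_logout": True, "skip_logout_page": True}
    attack = {"url": "https://evil.example/phish"}  # constructed attacker input
    print("unpatched:", handle_logout(attack, cfg, validate=False))
    print("patched:  ", handle_logout(attack, cfg))
```

The allowlist match is intentionally strict: the scheme and host must be equal and the path must start with the registered prefix, so `app.example.org.evil.example`, `app.example.org@evil.example`, a scheme-relative `//evil.example/` and a backslash-smuggled host are all sent to the fallback rather than off-site. Rejecting rather than "fixing" a suspicious URL is the safer choice for a logout target, since the cost of a false negative is one extra click on the CAS server's own page.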