Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Created on 2025-03-13 05:57 and updated on 2025-03-13 05:57.

Description

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. More information: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Vulnerabilities included in this bundle

CVE-2024-45409: The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
CVE-2025-25292: Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
CVE-2024-9487: An Improper Verification of Cryptographic Signature vulnerability was identified in GitHub Enterprise Server that allowe...
CVE-2025-25291:

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date
automation	CVE-2024-9487	https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/	seen	15 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokyjc4f22u	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokxqvjot2k	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokvurocj2k	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokuzqx2e2r	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokr7tm7l2u	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokqdygp32r	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lkokpweols2m	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/buherator.bsky.social/post/3lknzchpnnd2u	seen	9 days ago
automation	CVE-2025-25292	https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x	seen	10 days ago
automation	CVE-2025-25292	https://infosec.exchange/users/tomcat/statuses/114177286203783922	seen	11 days ago
automation	CVE-2025-25292	https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43	seen	11 days ago
automation	CVE-2025-25292	https://mstdn.ca/users/rfwaveio/statuses/114169531613827594	seen	12 days ago
automation	CVE-2025-25292	https://mstdn.ca/users/rfwaveio/statuses/114166691630661888	seen	12 days ago
automation	CVE-2025-25292	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafun23	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafum23	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaful23	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaevd23	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaabxl23	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o	seen	13 days ago
automation	CVE-2025-25292	https://bsky.app/profile/securityrss.bsky.social/post/3lkdyyts5z62u	seen	13 days ago
automation	CVE-2025-25292	https://threatintel.cc/2025/03/14/gitlab-addressed-critical-auth-bypass.html	seen	14 days ago
automation	CVE-2025-25292	https://bsky.app/profile/dimaiosdev.bsky.social/post/3lkdbeyncf22c	seen	14 days ago
automation	CVE-2025-25292	https://infosec.exchange/users/cR0w/statuses/114154867825552089	seen	14 days ago
automation	CVE-2025-25292	https://infosec.exchange/users/cR0w/statuses/114154851252724733	seen	14 days ago
automation	CVE-2025-25292	https://infosec.exchange/users/cR0w/statuses/114154846152927799	seen	14 days ago
automation	CVE-2025-25292	https://infosec.exchange/users/decio/statuses/114154270169549367	seen	15 days ago
automation	CVE-2025-25292	https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/	seen	15 days ago
automation	CVE-2024-45409	https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/	seen	15 days ago
automation	CVE-2024-45409	https://infosec.exchange/users/cR0w/statuses/114144084637484568	seen	16 days ago
automation	CVE-2024-45409	https://infosec.exchange/users/obivan/statuses/113481188117795687	seen	4 months ago
automation	CVE-2025-25291	https://github.com/projectdiscovery/nuclei-templates/tree/main/code/cves/2025/CVE-2025-25291.yaml	confirmed	6 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokyjc4f22u	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokxqvjot2k	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokvurocj2k	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokuzqx2e2r	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokr7tm7l2u	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokqdygp32r	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lkokpweols2m	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/buherator.bsky.social/post/3lknzchpnnd2u	seen	9 days ago
automation	CVE-2025-25291	https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x	seen	10 days ago
automation	CVE-2025-25291	https://infosec.exchange/users/tomcat/statuses/114177286203783922	seen	11 days ago
automation	CVE-2025-25291	https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43	seen	11 days ago
automation	CVE-2025-25291	https://mstdn.ca/users/rfwaveio/statuses/114169531613827594	seen	12 days ago
automation	CVE-2025-25291	https://mstdn.ca/users/rfwaveio/statuses/114166691630661888	seen	12 days ago
automation	CVE-2025-25291	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafun23	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafum23	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaful23	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaevd23	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaabxl23	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o	seen	13 days ago
automation	CVE-2025-25291	https://bsky.app/profile/securityrss.bsky.social/post/3lkdyyts5z62u	seen	13 days ago
automation	CVE-2025-25291	https://threatintel.cc/2025/03/14/gitlab-addressed-critical-auth-bypass.html	seen	14 days ago
automation	CVE-2025-25291	https://bsky.app/profile/dimaiosdev.bsky.social/post/3lkdbeyncf22c	seen	14 days ago
automation	CVE-2025-25291	https://infosec.exchange/users/cR0w/statuses/114154867825552089	seen	14 days ago
automation	CVE-2025-25291	https://infosec.exchange/users/cR0w/statuses/114154851252724733	seen	14 days ago
automation	CVE-2025-25291	https://infosec.exchange/users/cR0w/statuses/114154846152927799	seen	14 days ago
automation	CVE-2025-25291	https://infosec.exchange/users/decio/statuses/114154270169549367	seen	15 days ago
automation	CVE-2025-25291	https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/	seen	15 days ago

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Description

Vulnerabilities included in this bundle

Meta

Author

Combined sightings