Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Created on 2025-03-13 05:57 and updated on 2025-03-13 05:57.

Description

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. More information: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Vulnerabilities included in this bundle

CVE-2024-45409:
CVE-2025-25292:
CVE-2024-9487:
CVE-2025-25291:

Meta

[
  {
    "ref": [
      "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/"
    ]
  }
]

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date