- Description
- Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self-hosted users: if only a single organization is allowed (`SENTRY_SINGLE_ORGANIZATION = True`), then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
- CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- Weakness
- CWE-287 (source: security-advisories@github.com)
- Hype score
- Not currently trending
A critical vulnerability in Sentry's SAML SSO could allow account takeovers (CVE-2025-22146, CVSS 9.1). Users should upgrade to version 25.1.0 to patch this flaw. 🚨 #Sentry #AccountSecurity #USA link: https://t.co/hFl8xEtURg https://t.co/Y31z45YJpF
@TweetThreatNews
21 Jan 2025
52 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-22146 (CVSS: 9.1) : Critical Sentry Vulnerability Allowed Account Takeovers ⚠️The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. ZoomEye… https://t.co/v
@zoomeye_team
21 Jan 2025
576 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers 📊 174k+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/f5VmihiqCS 👇Query HUNTER : https://t.co/q9rtuGfZuz="Sentry Error Monitoring" FOFA :… https:/
@HunterMapping
21 Jan 2025
3053 Impressions
14 Retweets
48 Likes
17 Bookmarks
0 Replies
0 Quotes
CVE-2025-22146 is caused by improper authentication handling in the SAML SSO implementation of Sentry, an error tracking and performance monitoring platform. An attacker could use a malicious SAML IdP to impersonate users within the same instance. The CVSS score of 9.1 indicates a high risk.
@t_nihonmatsu
21 Jan 2025
495 Impressions
1 Retweet
6 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers https://t.co/818JXrukur
@Dinosn
21 Jan 2025
2217 Impressions
2 Retweets
10 Likes
5 Bookmarks
0 Replies
0 Quotes
A critical vulnerability in the error monitoring tool Sentry. CVE-2025-22146 has a CVSS score of 9.1. It stems from the SAML SSO implementation: by using a malicious SAML IdP and targeting another organization on the same instance, an attacker can take over any user in the organization whose email address is known. Fixed in version 25.1.0. https://t.co/YQSL8MUhk5
@__kokumoto
21 Jan 2025
1020 Impressions
1 Retweet
11 Likes
5 Bookmarks
0 Replies
1 Quote
⚠️⚠️ CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers 🎯75k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/5fx41clp2W FOFA Query:app="SENTRY" 🔖Refer: https://t.co/C82BfHDnPt #OSINT #FOFA https://t.co
@fofabot
21 Jan 2025
1294 Impressions
4 Retweets
14 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers Learn about the CVE-2025-22146 vulnerability in Sentry's SAML SSO implementation that could have allowed attackers to hijack user accounts https://t.co/Bqb30IBROR
@the_yellow_fall
21 Jan 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-22146 01/15/2025 08:15:30 PM BaseSeverity: CRITICAL Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was repo... https://t.co/mKlkF65e1n
@CVETracker
16 Jan 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical vulnerability in Sentry SAML SSO (CVE-2025-22146) allows account takeover if the victim's email address is known. Patch and advisory are available at: https://t.co/L2IqgenPzT #Patch #Patch #Patch
@CCBalert
16 Jan 2025
181 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[CVE-2025-22146: CRITICAL] Critical vulnerability in Sentry's SAML SSO system discovered, allowing account takeovers. Fixed for SaaS users on Jan 14, 2025. Update to version 25.1.0+ for self-hosted users.#cybersecurity,#vulnerability https://t.co/MitPeJz8Qr https://t.co/RMdQYpt5X
@CveFindCom
15 Jan 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes