AI description
CVE-2025-25291 is an authentication bypass vulnerability found in ruby-saml, a Security Assertion Markup Language (SAML) single sign-on (SSO) library for Ruby. The vulnerability stems from a parser differential between ReXML and Nokogiri, where these parsers generate different document structures from the same XML input. This discrepancy allows an attacker to execute a Signature Wrapping attack. Specifically, the vulnerability exists because ReXML and Nokogiri parse XML differently, potentially leading to an authentication bypass. An attacker with access to a valid signed SAML document from the Identity Provider (IdP) could authenticate as another valid user within the environment's SAML IdP. This vulnerability affects GitLab CE/EE versions 17.9.0, 17.9.1, 17.8.0, 17.8.1, 17.8.2, 17.8.3, 17.8.4, 17.7.0, 17.7.1, 17.7.2, 17.7.3, 17.7.4, 17.7.5, 17.7.6, and below. Patched versions are available in ruby-saml versions 1.12.4 and 1.18.0.
- Description
- ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 8.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-347
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
5
🚨 CVE-2025-25291 🔴 HIGH (8.8) 🏢 SAML-Toolkits - ruby-saml 🏗️ < 1.12.4 🔗 https://t.co/Gf7KWPUpz2 🔗 https://t.co/h8YdAeYu74 🔗 https://t.co/fxnZzkf4hP 🔗 https://t.co/EcYP1l10gv 🔗 https://t.co/f8aBRIeY8r 🔗 https://t.co/EXTDB5lbdj #CyberCron #VulnAlert #InfoSec https://t.
@cybercronai
14 Mar 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLab lanzó actualizaciones de seguridad para Community Edition (CE) y Enterprise Edition (EE), que corrigen nueve vulnerabilidades Dos vulnerabilidades críticas: ⚠️ CVE-2025-25291 ⚠️ CVE-2025-25292 Bypassing SAML SSO https://t.co/nA9V84I8e9 https://t.co/GQa3KaDZyw
@elhackernet
13 Mar 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GitHub Uncovers Critical Ruby-SAML Vulnerabilities! 🚨 Two high-severity flaws (CVE-2025-25291 & CVE-2025-25292, CVSS 8.8) allow attackers to bypass authentication and gain unauthorized access! 😨 🔴 Also found: CVE-2025-25293 (CVSS 7.7) enabling DoS attacks via compress
@cybrhoodsentinl
13 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RubySec ➜ CVE-2025-25291 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) https://t.co/enL9FWtP5M
@rubylandnews
13 Mar 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: GitLab Login Vulnerabilities 📅 Timeline: Disclosure: 2025-03-12, Patch: 2025-03-12 📌 Attribution: GitLab Security Team 🆔 cveId: CVE-2025-25291, CVE-2025-25292, CVE-2025-27407 📊 baseScore: • CVE-2025-25291: 9.8 (Critical) • CVE-2025-25292: 9.8… https:/
@syedaquib77
13 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-25291, -25292 y más: Múltiples vulnerabilidades en GitLab (8.8/10). Incluyen conflicto de interpretación, DoS, exposición de credenciales, etc. 📰Más información: https://t.co/om2mqdQpib" #ciberseguridad #ciberataque #hacking
@Cyph3R_CyberSec
13 Mar 2025
72 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 ruby-saml Flaws Open SAML Auth to Hijacking GitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature. 🔗 Read: https://t.co/Tgw91lKeAB 🔑 Update now or risk account takeover.
@TheHackersNews
13 Mar 2025
7925 Impressions
19 Retweets
24 Likes
3 Bookmarks
1 Reply
2 Quotes
GitLabが重大(Critical)な認証回避の脆弱性2件を緊急修正。CVE-2025-25291とCVE-2025-25292はruby-samlライブラリに起因し、IdPからの有効な署名を持つSAMLドキュメントにアクセス可能な攻撃者が、他のユーザとしてアクセス可能。ReXMLとNokogiriのXMLパース挙動差異に起因。 https://t.co/knAJy20JCs
@__kokumoto
13 Mar 2025
1577 Impressions
9 Retweets
13 Likes
4 Bookmarks
0 Replies
0 Quotes
GitLab Urgently Patches Critical Authentication Bypass Flaws – CVE-2025-25291 & CVE-2025-25292 https://t.co/7xY1tRvdte
@Dinosn
13 Mar 2025
2929 Impressions
9 Retweets
37 Likes
4 Bookmarks
0 Replies
0 Quotes
GitLab Urgently Patches Critical Authentication Bypass Flaws - CVE-2025-25291 & CVE-2025-25292 Two of the most severe issues, tracked as CVE-2025-25291 and CVE-2025-25292, reside in the ruby-saml library, which #GitLab uses for #SAML #SSO authentication https://t.co/WpPBohTw
@the_yellow_fall
13 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25291 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to ver… https://t.co/q4RJ9Tfi14
@CVEnew
12 Mar 2025
633 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes