CVE-2025-25291

Published Mar 12, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-25291 is an authentication bypass vulnerability in ruby-saml, a Security Assertion Markup Language (SAML) single sign-on (SSO) library for Ruby. It stems from a parser differential between ReXML and Nokogiri: the two parsers can generate different document structures from the same XML input. This discrepancy allows an attacker to execute a Signature Wrapping attack, potentially leading to an authentication bypass. An attacker with access to a valid signed SAML document from the Identity Provider (IdP) could authenticate as another valid user within the environment's SAML IdP. This vulnerability affects GitLab CE/EE versions 17.9.0, 17.9.1, 17.8.0, 17.8.1, 17.8.2, 17.8.3, 17.8.4, 17.7.0, 17.7.1, 17.7.2, 17.7.3, 17.7.4, 17.7.5, 17.7.6, and below. The fix is available in ruby-saml versions 1.12.4 and 1.18.0.

Description
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

security-advisories@github.com
CWE-347

Social media

Hype score
Not currently trending
  1. https://t.co/5VY4RXv1e2 A quick note while analyzing CVE-2025-25291 gitlab saml auth bypass

    @testanull

    22 Mar 2025

    10156 Impressions

    37 Retweets

    158 Likes

    65 Bookmarks

    0 Replies

    0 Quotes

  2. Discover how parser differentials led to critical authentication bypass vulnerabilities in ruby-saml (CVE-2025-25291 + CVE-2025-25292). #RubySAML #CyberSecurity https://t.co/1OVdVLWogS

    @FreelancebarM

    18 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-25291

    @transilienceai

    17 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-25291

    @transilienceai

    17 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Complex/convoluted systems are /always/ insecure because one gets tired and glosses over the details, instead of checking everything end-to-end. This time, GitHub researchers found in ruby-saml you can reuse signatures to sign in as anyone (CVE-2025-25291 + CVE-2025-25292) https

    @oleksandr_now

    16 Mar 2025

    191 Impressions

    2 Retweets

    3 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-25291

    @transilienceai

    16 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. GitLab has fixed critical authentication bypass vulnerabilities (CVE-2025-25291, CVE-2025-25292) https://t.co/crQrJZsuOl #Security #セキュリティ

    @SecureShield_

    16 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-25291

    @transilienceai

    15 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered. https://t.co/Iq5y4pzSc6

    @cyber_advising

    15 Mar 2025

    721 Impressions

    3 Retweets

    10 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  10. Critical #vulnerabilities (CVE-2025-25291 & CVE-2025-25292) have been found in ruby-saml versions up to 1.17.0. These flaws could allow attackers to bypass authentication and potentially take over accounts. #ThreatIntelligence #CyberSecurity https://t.co/Hy3gdmo7p2

    @MalwarePatrol

    14 Mar 2025

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

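  11. Authentication bypass vulnerabilities (CVE-2025-25291, CVE-2025-25292) have been discovered in "ruby-saml", a SAML authentication library for Ruby, exposing many web apps to the risk of account takeover. GitHub Security… https://t.co/jQgSFIID9S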

    @yousukezan

    14 Mar 2025

    1040 Impressions

    1 Retweet

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 CVE-2025-25291 🔴 HIGH (8.8) 🏢 SAML-Toolkits - ruby-saml 🏗️ < 1.12.4 🔗 https://t.co/Gf7KWPUpz2 🔗 https://t.co/h8YdAeYu74 🔗 https://t.co/fxnZzkf4hP 🔗 https://t.co/EcYP1l10gv 🔗 https://t.co/f8aBRIeY8r 🔗 https://t.co/EXTDB5lbdj #CyberCron #VulnAlert #InfoSec https://t.

    @cybercronai

    14 Mar 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) that fix nine vulnerabilities Two critical vulnerabilities: ⚠️ CVE-2025-25291 ⚠️ CVE-2025-25292 Bypassing SAML SSO https://t.co/nA9V84I8e9 https://t.co/GQa3KaDZyw

    @elhackernet

    13 Mar 2025

    184 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 GitHub Uncovers Critical Ruby-SAML Vulnerabilities! 🚨 Two high-severity flaws (CVE-2025-25291 & CVE-2025-25292, CVSS 8.8) allow attackers to bypass authentication and gain unauthorized access! 😨 🔴 Also found: CVE-2025-25293 (CVSS 7.7) enabling DoS attacks via compress

    @cybrhoodsentinl

    13 Mar 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. RubySec ➜ CVE-2025-25291 (ruby-saml): Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) https://t.co/enL9FWtP5M

    @rubylandnews

    13 Mar 2025

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️ Vulnerability Alert: GitLab Login Vulnerabilities 📅 Timeline: Disclosure: 2025-03-12, Patch: 2025-03-12 📌 Attribution: GitLab Security Team 🆔 cveId: CVE-2025-25291, CVE-2025-25292, CVE-2025-27407 📊 baseScore: • CVE-2025-25291: 9.8 (Critical) • CVE-2025-25292: 9.8… https:/

    @syedaquib77

    13 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨CVE-2025-25291, -25292 and more: Multiple vulnerabilities in GitLab (8.8/10). They include interpretation conflict, DoS, credential exposure, etc. 📰More information: https://t.co/om2mqdQpib" #ciberseguridad #ciberataque #hacking

    @Cyph3R_CyberSec

    13 Mar 2025

    72 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🔴 ruby-saml Flaws Open SAML Auth to Hijacking GitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature. 🔗 Read: https://t.co/Tgw91lKeAB 🔑 Update now or risk account takeover.

    @TheHackersNews

    13 Mar 2025

    7925 Impressions

    19 Retweets

    24 Likes

    3 Bookmarks

    1 Reply

    2 Quotes

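  19. GitLab has urgently fixed two critical authentication bypass vulnerabilities. CVE-2025-25291 and CVE-2025-25292 stem from the ruby-saml library, and an attacker with access to a SAML document carrying a valid signature from the IdP can gain access as another user. They are caused by differences in XML parsing behavior between ReXML and Nokogiri. https://t.co/knAJy20JCs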

    @__kokumoto

    13 Mar 2025

    1577 Impressions

    9 Retweets

    13 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  20. GitLab Urgently Patches Critical Authentication Bypass Flaws – CVE-2025-25291 & CVE-2025-25292 https://t.co/7xY1tRvdte

    @Dinosn

    13 Mar 2025

    2929 Impressions

    9 Retweets

    37 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  21. GitLab Urgently Patches Critical Authentication Bypass Flaws - CVE-2025-25291 & CVE-2025-25292 Two of the most severe issues, tracked as CVE-2025-25291 and CVE-2025-25292, reside in the ruby-saml library, which #GitLab uses for #SAML #SSO authentication https://t.co/WpPBohTw

    @the_yellow_fall

    13 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-25291 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to ver… https://t.co/q4RJ9Tfi14

    @CVEnew

    12 Mar 2025

    633 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes