AI description
CVE-2025-25292 is an authentication bypass vulnerability found in the ruby-saml library, which is used by GitLab for SAML single sign-on (SSO). The vulnerability exists due to a parser differential between ReXML and Nokogiri, which can lead to different document structures being generated from the same XML input. This difference in parsing allows an attacker with a valid signed SAML document to potentially execute a Signature Wrapping attack and authenticate as another valid user within the SAML Identity Provider (IdP) environment. The vulnerability affects GitLab CE/EE versions 17.9.0, 17.9.1, 17.8.0, 17.8.1, 17.8.2, 17.8.3, 17.8.4, 17.7.0, 17.7.1, 17.7.2, 17.7.3, 17.7.4, 17.7.5, 17.7.6, and below. Patches are available in versions 1.12.4 and 1.18.0 of ruby-saml and GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2.
- Description: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. This allows an attacker to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
- Source: security-advisories@github.com
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 8.8
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
- security-advisories@github.com: CWE-347
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 5
🚨 CVE-2025-25292 🔴 HIGH (8.8) 🏢 SAML-Toolkits - ruby-saml 🏗️ < 1.12.4 🔗 https://t.co/fLcXYYrRN1 🔗 https://t.co/h8YdAeYu74 🔗 https://t.co/fxnZzkf4hP 🔗 https://t.co/EcYP1l10gv 🔗 https://t.co/f8aBRIeY8r 🔗 https://t.co/EXTDB5lbdj #CyberCron #VulnAlert #InfoSec https://t.
@cybercronai
14 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE) that fix nine vulnerabilities. Two critical vulnerabilities: ⚠️ CVE-2025-25291 ⚠️ CVE-2025-25292 Bypassing SAML SSO https://t.co/nA9V84I8e9 https://t.co/GQa3KaDZyw
@elhackernet
13 Mar 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GitHub Uncovers Critical Ruby-SAML Vulnerabilities! 🚨 Two high-severity flaws (CVE-2025-25291 & CVE-2025-25292, CVSS 8.8) allow attackers to bypass authentication and gain unauthorized access! 😨 🔴 Also found: CVE-2025-25293 (CVSS 7.7) enabling DoS attacks via compress
@cybrhoodsentinl
13 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: GitLab Login Vulnerabilities 📅 Timeline: Disclosure: 2025-03-12, Patch: 2025-03-12 📌 Attribution: GitLab Security Team 🆔 cveId: CVE-2025-25291, CVE-2025-25292, CVE-2025-27407 📊 baseScore: • CVE-2025-25291: 9.8 (Critical) • CVE-2025-25292: 9.8… https:/
@syedaquib77
13 Mar 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 ruby-saml Flaws Open SAML Auth to Hijacking GitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature. 🔗 Read: https://t.co/Tgw91lKeAB 🔑 Update now or risk account takeover.
@TheHackersNews
13 Mar 2025
7925 Impressions
19 Retweets
24 Likes
3 Bookmarks
1 Reply
2 Quotes
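GitLab urgently fixes two critical authentication bypass vulnerabilities. CVE-2025-25291 and CVE-2025-25292 stem from the ruby-saml library; an attacker with access to a SAML document bearing a valid signature from the IdP can gain access as another user. Caused by a difference in XML parsing behavior between ReXML and Nokogiri. https://t.co/knAJy20JCs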
@__kokumoto
13 Mar 2025
1577 Impressions
9 Retweets
13 Likes
4 Bookmarks
0 Replies
0 Quotes
GitLab Urgently Patches Critical Authentication Bypass Flaws – CVE-2025-25291 & CVE-2025-25292 https://t.co/7xY1tRvdte
@Dinosn
13 Mar 2025
2929 Impressions
9 Retweets
37 Likes
4 Bookmarks
0 Replies
0 Quotes
GitLab Urgently Patches Critical Authentication Bypass Flaws - CVE-2025-25291 & CVE-2025-25292 Two of the most severe issues, tracked as CVE-2025-25291 and CVE-2025-25292, reside in the ruby-saml library, which #GitLab uses for #SAML #SSO authentication https://t.co/WpPBohTw
@the_yellow_fall
13 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-25292 | SAML-Toolkits ruby-saml up to 1.12.3/1.17.x ReXML/Nokogiri signature verification (GHSA-754f-8gm6-c4r2)) has been published on https://t.co/LG8p7wmANH
@WolfgangSesin
13 Mar 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-25292 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to ver… https://t.co/DqWuJw5XPR
@CVEnew
12 Mar 2025
513 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes