PT-2025-11129 · Ruby-Saml+3
Pitbulk · Published 2025-03-12 · Updated 2025-12-09 · CVE-2025-25292
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ruby-saml versions prior to 1.12.4 and 1.18.0
Description
An authentication bypass vulnerability was found in ruby-saml due to a parser differential. REXML and Nokogiri parse XML differently, generating entirely different document structures from the same XML input. This allows an attacker to execute a Signature Wrapping attack, which may lead to authentication bypass.
Recommendations
To resolve the issue, update to version 1.12.4 or 1.18.0, as these versions contain a patch for the vulnerability.
For versions prior to 1.12.4 and 1.18.0, consider disabling the REXML and Nokogiri parsers until a patch is applied.
Restrict access to the SAML authentication endpoint to minimize the risk of exploitation.
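To confirm whether an application still resolves to an affected release, the following added example (not part of the original advisory or of ruby-saml itself) reads the resolved ruby-saml version from Gemfile.lock text and compares it with the fixed versions named above. It assumes 1.12.4 is the fix for the 1.12.x line, so 1.13.0 up to but not including 1.18.0 is treated as affected; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version for correct version ordering

# Fixed releases named in the advisory.
FIXED_BACKPORT = Gem::Version.new("1.12.4")
FIXED_CURRENT  = Gem::Version.new("1.18.0")
# Assumption: 1.12.4 patches only the 1.12.x line, so the next line
# (1.13.0 and later) stays affected until 1.18.0.
NEXT_LINE = Gem::Version.new("1.13.0")

def ruby_saml_affected?(version)
  v = Gem::Version.new(version)
  v < FIXED_BACKPORT || (v >= NEXT_LINE && v < FIXED_CURRENT)
end

# Returns the resolved ruby-saml version from Gemfile.lock text, or nil.
# Resolved gems sit at exactly four spaces under "specs:"; deeper lines are
# other gems' dependency constraints (e.g. "ruby-saml (~> 1.17)") and are skipped.
def locked_ruby_saml_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line.match?(/\A\S/) # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}ruby-saml \(([^)]+)\)\z/))
      return m[1]
    end
  end
  nil
end

def check_lockfile(lockfile_text)
  version = locked_ruby_saml_version(lockfile_text)
  return :not_present if version.nil?
  ruby_saml_affected?(version) ? :affected : :patched
end

# Constructed sample lockfile (all versions are illustrative only).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.2.1)
        ruby-saml (~> 1.17)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

puts "ruby-saml #{locked_ruby_saml_version(SAMPLE_LOCK)}: #{check_lockfile(SAMPLE_LOCK)}"
```

Pass `File.read("Gemfile.lock")` to `check_lockfile` to run it against a real project.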
Exploit
Fix
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Debian
Linuxmint
Ubuntu
Ruby-Saml