CVE-2025-47949

Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.10.0

Description A Signature Wrapping attack has been found in samlify, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. This issue affects all versions prior to 2.10.0, posing a high-priority risk for SAML-based SSO systems. No active exploits have been reported.

Recommendations For versions prior to 2.10.0, update to version 2.10.0 to secure your application and prevent the Signature Wrapping attack. As a temporary workaround, consider restricting access to the SAML single sign-on functionality until the update is applied.