CVE-2025-54369

Name of the Vulnerable Software and Affected Versions Node-SAML (affected versions not specified)

Description Node-SAML is susceptible to a flaw where it loads the assertion from the unsigned original response document, differing from the signature verification process. This allows modification of authentication details within a valid SAML assertion, such as removing characters from the username. An attacker requires a validly signed document from the identity provider (IdP) to conduct this attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.