PT-2025-33297 · Mendix · Mendix Saml
Published 2025-08-14 · Updated 2025-11-30 · CVE-2025-40758
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Mendix SAML (Mendix 10.12 compatible) versions prior to 4.0.3
Mendix SAML (Mendix 10.21 compatible) versions prior to 4.1.2
Mendix SAML (Mendix 9.24 compatible) versions prior to 3.6.21
Description:
The Mendix SAML module insufficiently enforces signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific Single Sign-On (SSO) configurations.
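The advisory does not state which signature or binding checks the module skipped, so the following is an added illustration written for this page, not code from Mendix or the Mendix SAML module. It shows the class of checks a SAML 2.0 service provider has to enforce before trusting a Response: a signature must exist and must reference exactly the element the SP acts on (with IDs unique in the document, so an unsigned assertion wrapped around a signed one is not accepted); the message must be addressed to this SP's ACS URL and be a reply to an outstanding AuthnRequest; and the assertion's issuer, audience and validity window must match. The example.com IdP and SP URLs, the request IDs and the sample Response are constructed; verify_signature is an assumed hook where a real XML-DSig library would verify SignatureValue against the pinned IdP certificate, which this example does not implement.

```python
"""SP-side acceptance checks on a SAML 2.0 Response. Illustrative code added to
this advisory; it is not the Mendix SAML module's own implementation."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


class SamlError(Exception):
    """Any failed check; the caller must deny the login rather than fall back."""


def _ts(value):
    # xsd:dateTime in UTC; fromisoformat() before Python 3.11 rejects a trailing 'Z'.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _signature_covering(elem, root):
    """The ds:Signature that is a direct child of elem, has exactly one Reference,
    and references elem's own ID, which must be unique in the document. A missing
    signature, a signature over another element, or a duplicated ID (signature
    wrapping) all yield None."""
    sig, elem_id = elem.find(f"{{{DS}}}Signature"), elem.get("ID")
    if sig is None or not elem_id:
        return None
    refs = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference")
    if len(refs) != 1 or refs[0].get("URI") != "#" + elem_id:
        return None
    if sum(1 for e in root.iter() if e.get("ID") == elem_id) != 1:
        return None
    return sig


def validate_response(xml_bytes, *, acs_url, sp_entity_id, idp_entity_id,
                      expected_request_id, now, verify_signature):
    """Return the authenticated NameID or raise SamlError. verify_signature(signed,
    sig) -> bool is an assumed hook for a real XML-DSig library (canonicalise
    SignedInfo, check the digest, verify SignatureValue with the pinned IdP cert)."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise SamlError("not a samlp:Response")
    # Binding checks: addressed to this SP's ACS and a reply to our own request
    # (SP-initiated flow; an unsolicited response carries no InResponseTo).
    if root.get("Destination") != acs_url:
        raise SamlError("Destination is not this ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        raise SamlError("InResponseTo does not match an outstanding AuthnRequest")
    # Exactly one Assertion, a direct child of the Response, from the expected IdP.
    assertions = root.findall(f"{{{SAML}}}Assertion")
    if len(assertions) != 1:
        raise SamlError("expected exactly one Assertion")
    assertion = assertions[0]
    issuer = assertion.find(f"{{{SAML}}}Issuer")
    if issuer is None or issuer.text != idp_entity_id:
        raise SamlError("Assertion Issuer is not the configured IdP")
    # Signature checks: a signature must exist and must cover the element acted on,
    # either the Assertion itself or the whole Response that encloses it.
    signed, sig = assertion, _signature_covering(assertion, root)
    if sig is None:
        signed, sig = root, _signature_covering(root, root)
    if sig is None:
        raise SamlError("no signature covers the consumed Assertion")
    if not verify_signature(signed, sig):
        raise SamlError("signature does not verify against the IdP certificate")
    # Conditions (inside the signed element): validity window and audience.
    cond = assertion.find(f"{{{SAML}}}Conditions")
    if cond is None or cond.get("NotOnOrAfter") is None:
        raise SamlError("Assertion has no Conditions/NotOnOrAfter")
    if cond.get("NotBefore") and now < _ts(cond.get("NotBefore")):
        raise SamlError("Assertion not yet valid")
    if now >= _ts(cond.get("NotOnOrAfter")):
        raise SamlError("Assertion expired")
    audiences = [a.text for a in cond.iterfind(f"{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience")]
    if sp_entity_id not in audiences:
        raise SamlError("Assertion is not addressed to this SP")
    name_id = assertion.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if name_id is None or not name_id.text:
        raise SamlError("Assertion has no NameID")
    return name_id.text


# Constructed sample (hypothetical example.com IdP and SP; SignatureValue is a placeholder).
SAMPLE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_r1" Version="2.0" IssueInstant="2025-08-14T10:00:00Z" InResponseTo="_req42"
 Destination="https://sp.example.com/acs">
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2025-08-14T10:00:00Z"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2025-08-14T09:55:00Z" NotOnOrAfter="2025-08-14T10:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""

CONFIG = dict(acs_url="https://sp.example.com/acs", sp_entity_id="https://sp.example.com",
              idp_entity_id="https://idp.example.com", expected_request_id="_req42",
              now=datetime(2025, 8, 14, 10, 0, 30, tzinfo=timezone.utc))


def outcome(xml_bytes, verify=lambda signed, sig: True, **overrides):
    """Run the checks; return the NameID on success or the rejection reason."""
    try:
        return validate_response(xml_bytes, verify_signature=verify, **{**CONFIG, **overrides})
    except SamlError as err:
        return f"rejected: {err}"
```

With the constructed sample and a verify_signature hook that accepts the placeholder, outcome(SAMPLE) returns "alice"; pointing the Reference at a different ID, giving the Response the same ID as the Assertion, changing the ACS URL, the expected request ID, the SP entity ID or the clock each produces a rejection. Every rejection must end the login; an SP that falls back to an unsigned or unaddressed assertion has exactly the weakness class this advisory describes.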
Recommendations:
Update Mendix SAML (Mendix 10.12 compatible) to version 4.0.3 or later.
Update Mendix SAML (Mendix 10.21 compatible) to version 4.1.2 or later.
Update Mendix SAML (Mendix 9.24 compatible) to version 3.6.21 or later.
Fix
Weakness Enumeration
Improper Verification of Cryptographic Signature (CWE-347)
Related Identifiers
CVE-2025-40758
Affected Products
Mendix Saml