CVE-2025-9943

Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider versions through 3.5.0

Description: An SQL injection vulnerability exists in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage. An unauthenticated attacker can exploit this issue via blind SQL injection, potentially extracting arbitrary data from the database if the database connection uses the ODBC plugin. The vulnerability stems from inadequate escaping of single quotes within the SQLString class (file odbc-store.cpp, lines 253-271).

Recommendations: For versions through 3.5.0, ensure proper escaping of single quotes in the SQLString class within the odbc-store.cpp file. As a temporary workaround, consider disabling the replay cache feature or switching to a different storage mechanism that is not susceptible to SQL injection attacks.