PT-2025-4382 · Sentry · Sentry

Muhammad-Qasim-Munir · Published 2025-01-15 · Updated 2025-01-23 · CVE-2025-22146

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.1.0

Description: A critical issue was discovered in the SAML SSO implementation of Sentry. An attacker who controls a malicious SAML Identity Provider, attached to a second organization on the same Sentry instance, can take over any user account on that instance. The victim's email address must be known to exploit this issue. Over 174k services are potentially affected.

Recommendations: For self-hosted users, if only a single organization is allowed (SENTRY_SINGLE_ORGANIZATION = True), the attacker cannot create the second organization the attack requires, and no action is needed. Otherwise, self-hosted users should upgrade to version 25.1.0 or higher. Apart from that single-organization configuration, no workaround is known; restricting network access to the SAML SSO endpoints until the upgrade is applied only reduces exposure and does not remove the flaw.
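The description above only says that a second organization with an attacker-controlled IdP and the victim's email are enough for a takeover. The Python model below is an added example, not Sentry's own code, that shows the shape of bug consistent with that description: an ACS handler that verifies the assertion against the receiving organization's IdP but then resolves the account by email instance-wide, beside a hardened handler that binds the identity to (organization, issuer, email) and only links users who are already members of that organization. It also models the single-organization mitigation from the recommendations. All class and function names (`Instance`, `login_vulnerable`, `login_hardened`, the example organizations, IdP entity IDs and addresses) are assumptions invented for the illustration.

```python
# Illustrative model of a cross-organization SAML account-linking flaw and a fix.
# Added example; not Sentry's code. All names and sample data are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Assertion:
    """Stand-in for a SAML response whose signature has already been checked."""
    issuer: str     # entityID of the IdP that signed the assertion
    email: str      # NameID / email attribute asserted by that IdP
    org_slug: str   # organization whose ACS endpoint received the assertion


@dataclass
class Org:
    slug: str
    idp_issuer: str                                   # the one IdP this org trusts
    members: set[str] = field(default_factory=set)    # user ids that belong to the org


class Instance:
    """A multi-organization instance with email-addressed user accounts."""

    def __init__(self, single_organization: bool = False):
        # models the SENTRY_SINGLE_ORGANIZATION setting named in the advisory
        self.single_organization = single_organization
        self.orgs: dict[str, Org] = {}
        self.users_by_email: dict[str, str] = {}
        # linked SSO identities: (org slug, issuer, email) -> user id
        self.identities: dict[tuple[str, str, str], str] = {}

    def create_org(self, slug: str, idp_issuer: str) -> Org:
        if self.single_organization and self.orgs:
            raise PermissionError("instance allows a single organization")
        self.orgs[slug] = Org(slug, idp_issuer)
        return self.orgs[slug]

    def create_user(self, user_id: str, email: str, org_slug: str) -> str:
        self.users_by_email[email] = user_id
        self.orgs[org_slug].members.add(user_id)
        return user_id

    def _trusted_org(self, a: Assertion) -> Org:
        """The receiving org's IdP must be the signer; this check passes for the attacker's own org."""
        org = self.orgs[a.org_slug]
        if a.issuer != org.idp_issuer:
            raise PermissionError("assertion not signed by this organization's IdP")
        return org

    def login_vulnerable(self, a: Assertion) -> str:
        """Flawed pattern: after the per-org signature check, resolve the account by email alone,
        so any org's IdP can assert any email on the instance."""
        self._trusted_org(a)
        user = self.users_by_email.get(a.email)
        if user is None:
            raise PermissionError("unknown user")
        return user   # session for whoever owns that email, in any org

    def login_hardened(self, a: Assertion) -> str:
        """Bind the identity to (org, issuer, email); link an email only to a member of that org."""
        org = self._trusted_org(a)
        key = (org.slug, org.idp_issuer, a.email)
        if key in self.identities:
            return self.identities[key]
        user = self.users_by_email.get(a.email)
        if user is None or user not in org.members:
            raise PermissionError(f"IdP of {org.slug} cannot vouch for a user outside that organization")
        self.identities[key] = user   # first successful login links the identity to this org's IdP
        return user


def demo() -> tuple[bool, bool, bool]:
    """Returns (vulnerable handler hijacked, hardened handler blocked, legitimate login still works)."""
    inst = Instance()
    inst.create_org("victim-corp", "https://idp.victim-corp.example")
    victim = inst.create_user("u1", "alice@victim-corp.example", "victim-corp")
    # attacker registers a second org on the same instance with an IdP they control
    inst.create_org("attacker-org", "https://idp.attacker.example")
    inst.create_user("u2", "mallory@attacker.example", "attacker-org")
    forged = Assertion("https://idp.attacker.example", "alice@victim-corp.example", "attacker-org")
    hijacked = inst.login_vulnerable(forged) == victim
    try:
        inst.login_hardened(forged)
        blocked = False
    except PermissionError:
        blocked = True
    legit = Assertion("https://idp.victim-corp.example", "alice@victim-corp.example", "victim-corp")
    return hijacked, blocked, inst.login_hardened(legit) == victim


def single_org_blocks_second_org() -> bool:
    """The single-organization setting removes the attacker's foothold: no second org, no second IdP."""
    inst = Instance(single_organization=True)
    inst.create_org("only-org", "https://idp.only.example")
    try:
        inst.create_org("attacker-org", "https://idp.attacker.example")
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable hijacked, hardened blocked, legit ok:", demo())
    print("single-org setting blocks second org:", single_org_blocks_second_org())
```

The hardened handler keys identities by the organization and issuer that produced the assertion rather than by email alone, so an IdP can only speak for the organization that configured it; whether a real deployment should also require prior invitation or email verification before the first link is a policy choice the model leaves open.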

Exploit · Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-22146
GHSA-7pq6-v88g-wf3w

Affected Products

Sentry