PT-2025-49775 · Libxml2+2
Published: 2025-12-09 · Updated: 2026-01-15
CVE-2025-66568
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
ruby-saml versions through 1.12.4
Description
The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using Nokogiri and libxml2. Specifically, the canonicalization process within libxml2, when given invalid XML, can return an empty string instead of a properly canonicalized version. ruby-saml then calculates a DigestValue based on this empty string, incorrectly assuming the canonicalization was successful. This enables a Signature Wrapping attack.
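The fail-open digest step described above, next to a fail-closed form, as an added Ruby example (not ruby-saml's code). The method names and the lambda canonicalizers are hypothetical stand-ins for the Nokogiri/libxml2 call and model only the empty-string return the description mentions.

```ruby
require "digest"

# Hypothetical names throughout; this is not ruby-saml's API.
class CanonicalizationError < StandardError; end

DIGESTS = { sha1: Digest::SHA1, sha256: Digest::SHA256, sha512: Digest::SHA512 }.freeze

# Base64-encoded digest, the form carried in an XML-DSig DigestValue element.
def b64_digest(algorithm, data)
  [DIGESTS.fetch(algorithm).digest(data)].pack("m0")
end

# Fail-open pattern from the description: whatever the canonicalizer returns
# is hashed, with no check that canonicalization produced any output.
def reference_valid_unchecked?(element, digest_value, canonicalizer, algorithm: :sha256)
  b64_digest(algorithm, canonicalizer.call(element).to_s) == digest_value
end

# Fail-closed form: nil or empty canonical output is an error and is never
# fed to the digest function.
def reference_valid_checked?(element, digest_value, canonicalizer, algorithm: :sha256)
  canonical = canonicalizer.call(element)
  if canonical.nil? || canonical.empty?
    raise CanonicalizationError, "canonicalization returned no data"
  end
  # Defence in depth: a signed element never canonicalizes to nothing, so a
  # DigestValue equal to the digest of "" is rejected outright.
  if digest_value == b64_digest(algorithm, "")
    raise CanonicalizationError, "DigestValue matches the digest of empty input"
  end
  b64_digest(algorithm, canonical) == digest_value
end

# Constructed stand-ins for the canonicalization call (assumptions, not real
# libxml2 behaviour beyond what the description states).
C14N_OK = ->(xml) { xml.strip }
C14N_RETURNS_EMPTY = ->(_xml) { "" }
```

Callers should treat `CanonicalizationError` as a failed signature check and reject the response.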
Recommendations
Update to version 1.18.0 or later.
Exploit
Fix
Improper Verification of Cryptographic Signature
Weakness Enumeration
Related Identifiers
Affected Products
Nokogiri
Libxml2
Ruby-Saml