PT-2025-9999 · Fleet
Hakivvi +2
Published: 2025-03-06 · Updated: 2025-03-13
CVE-2025-27509
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Fleet versions prior to 4.64.2
Fleet versions prior to 4.63.2
Fleet versions prior to 4.62.4
Fleet versions prior to 4.58.1
Description
The issue allows an unauthenticated attacker to craft a specially formed SAML response and forge authentication assertions. This can lead to provisioning a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or to creating new accounts tied to the forged assertions if MDM enrollment is enabled.
Recommendations
For versions prior to 4.64.2, update to version 4.64.2 or later.
For versions prior to 4.63.2, update to version 4.63.2 or later.
For versions prior to 4.62.4, update to version 4.62.4 or later.
For versions prior to 4.58.1, update to version 4.58.1 or later.
Exploit
Fix
Weakness types: Special Elements Injection; Improper Authorization
Related Identifiers
Affected Products
Fleet