Look up vulnerable packages by Package URL.

Purl pkg:gem/ruby-saml@0.0.5
Type gem
Namespace
Name ruby-saml
Version 0.0.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.18.1
Latest_non_vulnerable_version 1.18.1
Affected_by_vulnerabilities
0
url VCID-12er-nkhb-5kck
vulnerability_id VCID-12er-nkhb-5kck
summary
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
### Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
ReXML and Nokogiri parse XML differently; the parsers can generate entirely
different document structures from the same XML input. That allows an
attacker to execute a Signature Wrapping attack.

### Impact
This issue may lead to authentication bypass.
references
0
reference_url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25292
reference_id
reference_type
scores
0
value 0.03321
scoring_system epss
scoring_elements 0.87519
published_at 2026-06-05T12:55:00Z
1
value 0.03321
scoring_system epss
scoring_elements 0.87514
published_at 2026-06-08T12:55:00Z
2
value 0.03321
scoring_system epss
scoring_elements 0.87518
published_at 2026-06-06T12:55:00Z
3
value 0.03321
scoring_system epss
scoring_elements 0.87526
published_at 2026-06-09T12:55:00Z
4
value 0.03321
scoring_system epss
scoring_elements 0.87516
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25292
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25292
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25292
3
reference_url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
4
reference_url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
5
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
7
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
8
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
9
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
10
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
11
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
12
reference_url https://news.ycombinator.com/item?id=43374519
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://news.ycombinator.com/item?id=43374519
13
reference_url https://portswigger.net/research/saml-roulette-the-hacker-always-wins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://portswigger.net/research/saml-roulette-the-hacker-always-wins
14
reference_url https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-18T14:32:48Z/
url https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml
15
reference_url https://security.netapp.com/advisory/ntap-20250314-0009
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250314-0009
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
reference_id 1100441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25292
reference_id CVE-2025-25292
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25292
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25292.yml
reference_id CVE-2025-25292.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25292.yml
19
reference_url https://github.com/advisories/GHSA-754f-8gm6-c4r2
reference_id GHSA-754f-8gm6-c4r2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-754f-8gm6-c4r2
20
reference_url https://usn.ubuntu.com/7409-1/
reference_id USN-7409-1
reference_type
scores
url https://usn.ubuntu.com/7409-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.12.4
purl pkg:gem/ruby-saml@1.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7g5d-1wbd-w3ev
1
vulnerability VCID-w8r1-wnkc-e3hk
2
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.12.4
1
url pkg:gem/ruby-saml@1.18.0
purl pkg:gem/ruby-saml@1.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w8r1-wnkc-e3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.0
aliases CVE-2025-25292, GHSA-754f-8gm6-c4r2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12er-nkhb-5kck
1
url VCID-4cuy-qn4h-vkcx
vulnerability_id VCID-4cuy-qn4h-vkcx
summary The package ruby-saml is vulnerable to an XML signature wrapping attack in the specific scenario where there was a signature that referenced two elements at the same time (but passed the schema validator process since one of the elements was inside the encrypted assertion).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5697
reference_id
reference_type
scores
0
value 0.00416
scoring_system epss
scoring_elements 0.62024
published_at 2026-06-04T12:55:00Z
1
value 0.00416
scoring_system epss
scoring_elements 0.6207
published_at 2026-06-09T12:55:00Z
2
value 0.00416
scoring_system epss
scoring_elements 0.62054
published_at 2026-06-08T12:55:00Z
3
value 0.00416
scoring_system epss
scoring_elements 0.62069
published_at 2026-06-07T12:55:00Z
4
value 0.00416
scoring_system epss
scoring_elements 0.6208
published_at 2026-06-06T12:55:00Z
5
value 0.00416
scoring_system epss
scoring_elements 0.62072
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5697
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697
2
reference_url https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2016-5697.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2016-5697.yml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5697
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5697
5
reference_url http://www.openwall.com/lists/oss-security/2016/06/24/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/06/24/3
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828076
reference_id 828076
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828076
7
reference_url https://github.com/advisories/GHSA-36p7-xjw8-h6f2
reference_id GHSA-36p7-xjw8-h6f2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36p7-xjw8-h6f2
8
reference_url https://usn.ubuntu.com/7309-1/
reference_id USN-7309-1
reference_type
scores
url https://usn.ubuntu.com/7309-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.3.0
purl pkg:gem/ruby-saml@1.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-7g5d-1wbd-w3ev
2
vulnerability VCID-d6a2-bseb-b7fb
3
vulnerability VCID-e63v-x8w4-vufw
4
vulnerability VCID-uhu9-4mv8-nbaf
5
vulnerability VCID-w1rp-n9ej-ruhv
6
vulnerability VCID-w8r1-wnkc-e3hk
7
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.3.0
aliases CVE-2016-5697, GHSA-36p7-xjw8-h6f2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cuy-qn4h-vkcx
2
url VCID-7g5d-1wbd-w3ev
vulnerability_id VCID-7g5d-1wbd-w3ev
summary
Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
In ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to execute a Signature Wrapping attack. The vulnerability does not affect version 1.18.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66567
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16133
published_at 2026-06-05T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.16015
published_at 2026-06-09T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15993
published_at 2026-06-08T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16079
published_at 2026-06-07T12:55:00Z
4
value 0.0005
scoring_system epss
scoring_elements 0.16123
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66567
1
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
2
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:16:33Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66567
reference_id CVE-2025-66567
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66567
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66567.yml
reference_id CVE-2025-66567.YML
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66567.yml
5
reference_url https://github.com/advisories/GHSA-754f-8gm6-c4r2
reference_id GHSA-754f-8gm6-c4r2
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:16:33Z/
url https://github.com/advisories/GHSA-754f-8gm6-c4r2
6
reference_url https://github.com/advisories/GHSA-9v8j-x534-2fx3
reference_id GHSA-9v8j-x534-2fx3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9v8j-x534-2fx3
7
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
reference_id GHSA-9v8j-x534-2fx3
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:16:33Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3
fixed_packages
0
url pkg:gem/ruby-saml@1.18.0
purl pkg:gem/ruby-saml@1.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w8r1-wnkc-e3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.0
aliases CVE-2025-66567, GHSA-9v8j-x534-2fx3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g5d-1wbd-w3ev
3
url VCID-an6g-hdf9-w7dp
vulnerability_id VCID-an6g-hdf9-w7dp
summary
XXE vulnerability
The gem is vulnerable to external entity expansion attacks.
references
0
reference_url https://github.com/onelogin/ruby-saml/commit/a2e5318530701bf14528c5b3b51c880b3499a75d
reference_id
reference_type
scores
url https://github.com/onelogin/ruby-saml/commit/a2e5318530701bf14528c5b3b51c880b3499a75d
1
reference_url https://github.com/onelogin/ruby-saml/pull/247
reference_id
reference_type
scores
url https://github.com/onelogin/ruby-saml/pull/247
fixed_packages
0
url pkg:gem/ruby-saml@1.0.0
purl pkg:gem/ruby-saml@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-4cuy-qn4h-vkcx
2
vulnerability VCID-7g5d-1wbd-w3ev
3
vulnerability VCID-d6a2-bseb-b7fb
4
vulnerability VCID-e63v-x8w4-vufw
5
vulnerability VCID-uhu9-4mv8-nbaf
6
vulnerability VCID-w1rp-n9ej-ruhv
7
vulnerability VCID-w8r1-wnkc-e3hk
8
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.0.0
aliases OSVDB-124383
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-an6g-hdf9-w7dp
4
url VCID-d6a2-bseb-b7fb
vulnerability_id VCID-d6a2-bseb-b7fb
summary
Ruby SAML allows remote Denial of Service (DoS) with compressed SAML responses
### Summary
ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses.

Ruby-saml uses zlib to decompress SAML responses in case they're compressed.
It is possible to bypass the message size check with a compressed assertion
since the message size is checked before inflation and not after.

### Impact
This issue may lead to remote Denial of Service (DoS).
references
0
reference_url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25293
reference_id
reference_type
scores
0
value 0.06225
scoring_system epss
scoring_elements 0.91064
published_at 2026-06-09T12:55:00Z
1
value 0.06225
scoring_system epss
scoring_elements 0.91048
published_at 2026-06-08T12:55:00Z
2
value 0.06225
scoring_system epss
scoring_elements 0.91052
published_at 2026-06-07T12:55:00Z
3
value 0.06225
scoring_system epss
scoring_elements 0.91055
published_at 2026-06-06T12:55:00Z
4
value 0.06225
scoring_system epss
scoring_elements 0.91056
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25293
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25293
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25293
3
reference_url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
4
reference_url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
5
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
7
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1
8
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
9
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
10
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
11
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
12
reference_url https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-12T20:36:09Z/
url https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml
13
reference_url https://security.netapp.com/advisory/ntap-20250314-0008
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250314-0008
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
reference_id 1100441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25293
reference_id CVE-2025-25293
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25293
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25293.yml
reference_id CVE-2025-25293.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25293.yml
17
reference_url https://github.com/advisories/GHSA-92rq-c8cf-prrq
reference_id GHSA-92rq-c8cf-prrq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92rq-c8cf-prrq
18
reference_url https://usn.ubuntu.com/7409-1/
reference_id USN-7409-1
reference_type
scores
url https://usn.ubuntu.com/7409-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.12.4
purl pkg:gem/ruby-saml@1.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7g5d-1wbd-w3ev
1
vulnerability VCID-w8r1-wnkc-e3hk
2
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.12.4
1
url pkg:gem/ruby-saml@1.18.0
purl pkg:gem/ruby-saml@1.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w8r1-wnkc-e3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.0
aliases CVE-2025-25293, GHSA-92rq-c8cf-prrq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d6a2-bseb-b7fb
5
url VCID-e63v-x8w4-vufw
vulnerability_id VCID-e63v-x8w4-vufw
summary
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential)
### Summary
An authentication bypass vulnerability was found in ruby-saml due to a parser differential.
ReXML and Nokogiri parse XML differently; the parsers can generate entirely
different document structures from the same XML input. That allows an attacker
to execute a Signature Wrapping attack.

### Impact
This issue may lead to authentication bypass.
references
0
reference_url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25291
reference_id
reference_type
scores
0
value 0.20843
scoring_system epss
scoring_elements 0.95739
published_at 2026-06-09T12:55:00Z
1
value 0.20843
scoring_system epss
scoring_elements 0.9573
published_at 2026-06-05T12:55:00Z
2
value 0.20843
scoring_system epss
scoring_elements 0.95734
published_at 2026-06-06T12:55:00Z
3
value 0.20843
scoring_system epss
scoring_elements 0.95735
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25291
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25291
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25291
3
reference_url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials
4
reference_url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv
5
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9
7
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97
8
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
9
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
10
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
11
reference_url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
12
reference_url https://news.ycombinator.com/item?id=43374519
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://news.ycombinator.com/item?id=43374519
13
reference_url https://portswigger.net/research/saml-roulette-the-hacker-always-wins
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://portswigger.net/research/saml-roulette-the-hacker-always-wins
14
reference_url https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-03T20:06:31Z/
url https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml
15
reference_url https://security.netapp.com/advisory/ntap-20250314-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250314-0010
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
reference_id 1100441
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100441
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25291
reference_id CVE-2025-25291
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25291
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25291.yml
reference_id CVE-2025-25291.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25291.yml
19
reference_url https://github.com/advisories/GHSA-4vc4-m8qh-g8jm
reference_id GHSA-4vc4-m8qh-g8jm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vc4-m8qh-g8jm
20
reference_url https://usn.ubuntu.com/7409-1/
reference_id USN-7409-1
reference_type
scores
url https://usn.ubuntu.com/7409-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.12.4
purl pkg:gem/ruby-saml@1.12.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7g5d-1wbd-w3ev
1
vulnerability VCID-w8r1-wnkc-e3hk
2
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.12.4
1
url pkg:gem/ruby-saml@1.18.0
purl pkg:gem/ruby-saml@1.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w8r1-wnkc-e3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.0
aliases CVE-2025-25291, GHSA-4vc4-m8qh-g8jm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e63v-x8w4-vufw
6
url VCID-hjc9-tfcb-efcz
vulnerability_id VCID-hjc9-tfcb-efcz
summary
XPath Injection Vulnerability
The gem is vulnerable to XPath injection on xml_security.rb. The lack of prepared statements allows for command injection, leading to arbitrary code execution.
references
0
reference_url https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
reference_id
reference_type
scores
url https://github.com/onelogin/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
fixed_packages
0
url pkg:gem/ruby-saml@1.0.0
purl pkg:gem/ruby-saml@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-4cuy-qn4h-vkcx
2
vulnerability VCID-7g5d-1wbd-w3ev
3
vulnerability VCID-d6a2-bseb-b7fb
4
vulnerability VCID-e63v-x8w4-vufw
5
vulnerability VCID-uhu9-4mv8-nbaf
6
vulnerability VCID-w1rp-n9ej-ruhv
7
vulnerability VCID-w8r1-wnkc-e3hk
8
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.0.0
aliases OSVDB-124991
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjc9-tfcb-efcz
7
url VCID-kga7-6cqa-5qgh
vulnerability_id VCID-kga7-6cqa-5qgh
summary
ruby-saml vulnerable to XPath injection
`xml_security.rb` in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-20108
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.61139
published_at 2026-06-05T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.6109
published_at 2026-06-04T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.61147
published_at 2026-06-06T12:55:00Z
3
value 0.00489
scoring_system epss
scoring_elements 0.65895
published_at 2026-06-07T12:55:00Z
4
value 0.01183
scoring_system epss
scoring_elements 0.79124
published_at 2026-06-08T12:55:00Z
5
value 0.01183
scoring_system epss
scoring_elements 0.79143
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-20108
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20108
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20108
2
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T18:38:57Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/OSVDB-124991.yml
3
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
4
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T18:38:57Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448
5
reference_url https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T18:38:57Z/
url https://github.com/SAML-Toolkits/ruby-saml/compare/v0.9.2...v1.0.0
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/pull/225
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T18:38:57Z/
url https://github.com/SAML-Toolkits/ruby-saml/pull/225
7
reference_url https://security.netapp.com/advisory/ntap-20230703-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230703-0003
8
reference_url https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.snyk.io/vuln/SNYK-RUBY-RUBYSAML-20217
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-20108
reference_id CVE-2015-20108
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-20108
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2015-20108.yml
reference_id CVE-2015-20108.YML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2015-20108.yml
11
reference_url https://github.com/advisories/GHSA-r364-2pj4-pf7f
reference_id GHSA-r364-2pj4-pf7f
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r364-2pj4-pf7f
12
reference_url https://security.netapp.com/advisory/ntap-20230703-0003/
reference_id ntap-20230703-0003
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-14T18:38:57Z/
url https://security.netapp.com/advisory/ntap-20230703-0003/
fixed_packages
0
url pkg:gem/ruby-saml@1.0.0
purl pkg:gem/ruby-saml@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-4cuy-qn4h-vkcx
2
vulnerability VCID-7g5d-1wbd-w3ev
3
vulnerability VCID-d6a2-bseb-b7fb
4
vulnerability VCID-e63v-x8w4-vufw
5
vulnerability VCID-uhu9-4mv8-nbaf
6
vulnerability VCID-w1rp-n9ej-ruhv
7
vulnerability VCID-w8r1-wnkc-e3hk
8
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.0.0
aliases CVE-2015-20108, GHSA-r364-2pj4-pf7f, OSV-124991
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kga7-6cqa-5qgh
8
url VCID-rrbk-ke4h-1ffc
vulnerability_id VCID-rrbk-ke4h-1ffc
summary
Arbitrary code execution
The gem contains a flaw that is triggered because the URI value of a SAML response is not properly sanitized through a prepared statement. This may allow a remote attacker to execute arbitrary shell commands on the host machine.
references
0
reference_url https://github.com/onelogin/ruby-saml/pull/183
reference_id
reference_type
scores
url https://github.com/onelogin/ruby-saml/pull/183
1
reference_url http://www.osvdb.org/show/osvdb/117903
reference_id
reference_type
scores
url http://www.osvdb.org/show/osvdb/117903
fixed_packages
0
url pkg:gem/ruby-saml@0.8.2
purl pkg:gem/ruby-saml@0.8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-4cuy-qn4h-vkcx
2
vulnerability VCID-7g5d-1wbd-w3ev
3
vulnerability VCID-an6g-hdf9-w7dp
4
vulnerability VCID-d6a2-bseb-b7fb
5
vulnerability VCID-e63v-x8w4-vufw
6
vulnerability VCID-hjc9-tfcb-efcz
7
vulnerability VCID-kga7-6cqa-5qgh
8
vulnerability VCID-uhu9-4mv8-nbaf
9
vulnerability VCID-w1rp-n9ej-ruhv
10
vulnerability VCID-w8r1-wnkc-e3hk
11
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@0.8.2
aliases OSVDB-117903
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrbk-ke4h-1ffc
9
url VCID-uhu9-4mv8-nbaf
vulnerability_id VCID-uhu9-4mv8-nbaf
summary
Authentication bypass via incorrect DOM traversal and canonicalization
Some XML DOM traversal and canonicalization APIs may be inconsistent in their handling of comments within XML nodes. Incorrect use of these APIs by some SAML libraries results in incorrect parsing of the inner text of XML nodes, such that any inner text after the comment is lost prior to cryptographically signing the SAML message. Text after the comment therefore has no impact on the signature on the SAML message. A remote attacker can modify SAML content for a SAML service provider without invalidating the cryptographic signature, which may allow attackers to bypass primary authentication for the affected SAML service provider.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-11428
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59439
published_at 2026-06-09T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59395
published_at 2026-06-04T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59446
published_at 2026-06-05T12:55:00Z
3
value 0.00374
scoring_system epss
scoring_elements 0.59449
published_at 2026-06-06T12:55:00Z
4
value 0.00374
scoring_system epss
scoring_elements 0.59441
published_at 2026-06-07T12:55:00Z
5
value 0.00374
scoring_system epss
scoring_elements 0.59421
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-11428
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11428
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11428
2
reference_url https://cwe.mitre.org/data/definitions/287.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/287.html
3
reference_url https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
4
reference_url https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements
url https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f
5
reference_url https://github.com/onelogin/ruby-saml/releases/tag/v1.6.2
reference_id
reference_type
scores
url https://github.com/onelogin/ruby-saml/releases/tag/v1.6.2
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11428
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-11428
7
reference_url https://shibboleth.net/community/advisories/secadv_20180112.txt
reference_id
reference_type
scores
url https://shibboleth.net/community/advisories/secadv_20180112.txt
8
reference_url https://www.kb.cert.org/vuls/id/475445
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.kb.cert.org/vuls/id/475445
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892865
reference_id 892865
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892865
10
reference_url https://github.com/advisories/GHSA-x2fr-v8wf-8wwv
reference_id GHSA-x2fr-v8wf-8wwv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x2fr-v8wf-8wwv
11
reference_url https://usn.ubuntu.com/7309-1/
reference_id USN-7309-1
reference_type
scores
url https://usn.ubuntu.com/7309-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.6.2
purl pkg:gem/ruby-saml@1.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-7g5d-1wbd-w3ev
2
vulnerability VCID-d6a2-bseb-b7fb
3
vulnerability VCID-e63v-x8w4-vufw
4
vulnerability VCID-w1rp-n9ej-ruhv
5
vulnerability VCID-w8r1-wnkc-e3hk
6
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.6.2
1
url pkg:gem/ruby-saml@1.7.0
purl pkg:gem/ruby-saml@1.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-7g5d-1wbd-w3ev
2
vulnerability VCID-d6a2-bseb-b7fb
3
vulnerability VCID-e63v-x8w4-vufw
4
vulnerability VCID-w1rp-n9ej-ruhv
5
vulnerability VCID-w8r1-wnkc-e3hk
6
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.7.0
aliases CVE-2017-11428, GHSA-x2fr-v8wf-8wwv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uhu9-4mv8-nbaf
10
url VCID-w1rp-n9ej-ruhv
vulnerability_id VCID-w1rp-n9ej-ruhv
summary
SAML authentication bypass via Incorrect XPath selector
Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response.
An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML
Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within
the vulnerable system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45409
reference_id
reference_type
scores
0
value 0.44644
scoring_system epss
scoring_elements 0.97643
published_at 2026-06-05T12:55:00Z
1
value 0.44644
scoring_system epss
scoring_elements 0.97648
published_at 2026-06-09T12:55:00Z
2
value 0.44644
scoring_system epss
scoring_elements 0.97647
published_at 2026-06-08T12:55:00Z
3
value 0.44644
scoring_system epss
scoring_elements 0.97645
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45409
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45409
2
reference_url https://github.com/omniauth/omniauth-saml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omniauth/omniauth-saml
3
reference_url https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omniauth/omniauth-saml/commit/4274e9d57e65f2dcaae4aa3b2accf831494f2ddd
4
reference_url https://github.com/omniauth/omniauth-saml/commit/6c681fd082ab3daf271821897a40ab3417382e29
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/omniauth/omniauth-saml/commit/6c681fd082ab3daf271821897a40ab3417382e29
5
reference_url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
1
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
3
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
4
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
5
value CRITICAL
scoring_system generic_textual
scoring_elements
6
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-10T19:10:27Z/
url https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-cvp8-5r8g-fhvq
6
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
7
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3
scoring_elements
1
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
3
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-10T19:10:27Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/1ec5392bc506fe43a02dbb66b68741051c5ffeae
8
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-10T19:10:27Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/4865d030cae9705ee5cdb12415c654c634093ae7
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081560
reference_id 1081560
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081560
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45409
reference_id CVE-2024-45409
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45409
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml
reference_id CVE-2024-45409.YML
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/CVE-2024-45409.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml
reference_id CVE-2024-45409.YML
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2024-45409.yml
13
reference_url https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
reference_id GHSA-cvp8-5r8g-fhvq
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cvp8-5r8g-fhvq
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml
reference_id GHSA-cvp8-5r8g-fhvq.yml
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth-saml/GHSA-cvp8-5r8g-fhvq.yml
15
reference_url https://github.com/advisories/GHSA-jw9c-mfg7-9rx2
reference_id GHSA-jw9c-mfg7-9rx2
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jw9c-mfg7-9rx2
16
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
reference_id GHSA-jw9c-mfg7-9rx2
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value 9.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-10T19:10:27Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
17
reference_url https://usn.ubuntu.com/7309-1/
reference_id USN-7309-1
reference_type
scores
url https://usn.ubuntu.com/7309-1/
fixed_packages
0
url pkg:gem/ruby-saml@1.12.3
purl pkg:gem/ruby-saml@1.12.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-7g5d-1wbd-w3ev
2
vulnerability VCID-d6a2-bseb-b7fb
3
vulnerability VCID-e63v-x8w4-vufw
4
vulnerability VCID-w8r1-wnkc-e3hk
5
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.12.3
1
url pkg:gem/ruby-saml@1.17.0
purl pkg:gem/ruby-saml@1.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12er-nkhb-5kck
1
vulnerability VCID-7g5d-1wbd-w3ev
2
vulnerability VCID-d6a2-bseb-b7fb
3
vulnerability VCID-e63v-x8w4-vufw
4
vulnerability VCID-w8r1-wnkc-e3hk
5
vulnerability VCID-x721-mbr2-9bhh
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.17.0
aliases CVE-2024-45409, GHSA-cvp8-5r8g-fhvq, GHSA-jw9c-mfg7-9rx2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1rp-n9ej-ruhv
11
url VCID-w8r1-wnkc-e3hk
vulnerability_id VCID-w8r1-wnkc-e3hk
summary
Ruby SAML DOS vulnerability with large SAML response
### Summary

A denial-of-service vulnerability exists in ruby-saml even with the
message_max_bytesize setting configured. The vulnerability occurs
because the SAML response is validated for Base64 format prior to
checking the message size, leading to potential resource exhaustion.

### Details

`ruby-saml` includes a `message_max_bytesize` setting intended to
prevent DOS attacks and decompression bombs. However, this protection
is ineffective in some cases due to the order of operations in the code:

https://github.com/SAML-Toolkits/ruby-saml/blob/fbbedc978300deb9355a8e505849666974ef2e67/lib/onelogin/ruby-saml/saml_message.rb

```ruby
def decode_raw_saml(saml, settings = nil)
  return saml unless base64_encoded?(saml)
  # <--- Issue here. Should be moved after the next code block.

  settings = OneLogin::RubySaml::Settings.new if settings.nil?
  if saml.bytesize > settings.message_max_bytesize
    raise ValidationError.new("Encoded SAML Message exceeds " +
      settings.message_max_bytesize.to_s +
      " bytes, so was rejected")
  end
  decoded = decode(saml)
  ...
end
```

The vulnerability is in the execution order. Prior to checking
bytesize the `base64_encoded?` function performs regex matching
on the entire input string:

```ruby
!!string.gsub(/[\r\n]|\\r|\\n|\s/, "").match(BASE64_FORMAT)
```

### Impact

When successfully exploited, this vulnerability can lead to:
- Excessive memory consumption
- High CPU utilization
- Application slowdown or unresponsiveness
- Complete application crash in severe cases
- Potential denial of service for legitimate users

All applications using `ruby-saml` with SAML configured and
enabled are vulnerable.

### Potential Solution

Reorder the validation steps to ensure max bytesize is checked first:

```ruby
def decode_raw_saml(saml, settings = nil)
  settings = OneLogin::RubySaml::Settings.new if settings.nil?
  if saml.bytesize > settings.message_max_bytesize
    raise ValidationError.new("Encoded SAML Message exceeds " +
      settings.message_max_bytesize.to_s + " bytes, so was rejected")
  end
  return saml unless base64_encoded?(saml)
  decoded = decode(saml)
  ...
end
```
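As an added illustration (not ruby-saml's own code), the following small Ruby model of `decode_raw_saml` shows both orderings side by side and measures how much input the Base64 regex has to scan before an oversized message is rejected. The `Decoder` class, its `decode_vulnerable`/`decode_fixed` methods, the `bytes_scanned` counter and the `oversized_sample` helper are constructed for this example; the `BASE64_FORMAT` regex is modelled on ruby-saml's.

```ruby
# Added model of ruby-saml's decode_raw_saml ordering (not the gem's code).
BASE64_FORMAT = %r{\A([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{4}|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)\z}

class ValidationError < StandardError; end

# Hypothetical Decoder: bytes_scanned records how much input the Base64
# regex had to read, a proxy for the work spent before an oversized
# message is rejected.
class Decoder
  attr_reader :message_max_bytesize, :bytes_scanned

  def initialize(message_max_bytesize: 250_000)
    @message_max_bytesize = message_max_bytesize
    @bytes_scanned = 0
  end

  # Same shape as ruby-saml's base64_encoded?: strip whitespace, then match.
  def base64_encoded?(string)
    cleaned = string.gsub(/[\r\n]|\\r|\\n|\s/, "")
    @bytes_scanned += cleaned.bytesize
    !!cleaned.match(BASE64_FORMAT)
  end

  def check_size!(saml)
    return unless saml.bytesize > message_max_bytesize
    raise ValidationError, "Encoded SAML Message exceeds " \
      "#{message_max_bytesize} bytes, so was rejected"
  end

  # Vulnerable order (CVE-2025-54572): the regex runs over the whole input
  # before the size limit is consulted.
  def decode_vulnerable(saml)
    return saml unless base64_encoded?(saml)
    check_size!(saml)
    saml.unpack1("m")
  end

  # Fixed order: reject oversized input before any parsing work.
  def decode_fixed(saml)
    check_size!(saml)
    return saml unless base64_encoded?(saml)
    saml.unpack1("m")
  end
end

# Constructed sample: valid Base64 that is far larger than the limit.
def oversized_sample(limit)
  ["x" * (limit * 2)].pack("m0")
end
```

With a 1,000-byte limit the vulnerable path scans all 2,668 bytes of the sample before raising, while the fixed path raises with zero bytes scanned.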
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-54572
reference_id
reference_type
scores
0
value 0.00581
scoring_system epss
scoring_elements 0.69332
published_at 2026-06-09T12:55:00Z
1
value 0.00581
scoring_system epss
scoring_elements 0.69312
published_at 2026-06-08T12:55:00Z
2
value 0.00581
scoring_system epss
scoring_elements 0.69337
published_at 2026-06-06T12:55:00Z
3
value 0.00581
scoring_system epss
scoring_elements 0.69328
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-54572
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54572
2
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
3
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd1ce17514e202431f569c4f5633e6c2709
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T14:17:38Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd1ce17514e202431f569c4f5633e6c2709
4
reference_url https://github.com/SAML-Toolkits/ruby-saml/pull/770
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T14:17:38Z/
url https://github.com/SAML-Toolkits/ruby-saml/pull/770
5
reference_url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.1
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T14:17:38Z/
url https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.1
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-rrqh-93c8-j966
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T14:17:38Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-rrqh-93c8-j966
7
reference_url https://lists.debian.org/debian-lts-announce/2025/09/msg00001.html
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/09/msg00001.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-54572
reference_id CVE-2025-54572
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-54572
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-54572.yml
reference_id CVE-2025-54572.YML
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-54572.yml
10
reference_url https://github.com/advisories/GHSA-rrqh-93c8-j966
reference_id GHSA-rrqh-93c8-j966
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rrqh-93c8-j966
fixed_packages
0
url pkg:gem/ruby-saml@1.18.1
purl pkg:gem/ruby-saml@1.18.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.1
aliases CVE-2025-54572, GHSA-rrqh-93c8-j966
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8r1-wnkc-e3hk
12
url VCID-x721-mbr2-9bhh
vulnerability_id VCID-x721-mbr2-9bhh
summary
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability caused by an issue in the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. The vulnerability does not affect version 1.18.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66568
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15447
published_at 2026-06-07T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.1539
published_at 2026-06-09T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15363
published_at 2026-06-08T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15487
published_at 2026-06-06T12:55:00Z
4
value 0.00048
scoring_system epss
scoring_elements 0.15496
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66568
1
reference_url https://github.com/SAML-Toolkits/ruby-saml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/SAML-Toolkits/ruby-saml
2
reference_url https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:16:24Z/
url https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66568
reference_id CVE-2025-66568
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66568
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66568.yml
reference_id CVE-2025-66568.YML
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66568.yml
5
reference_url https://github.com/advisories/GHSA-x4h9-gwv3-r4m4
reference_id GHSA-x4h9-gwv3-r4m4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4h9-gwv3-r4m4
6
reference_url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4
reference_id GHSA-x4h9-gwv3-r4m4
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-09T14:16:24Z/
url https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4
fixed_packages
0
url pkg:gem/ruby-saml@1.18.0
purl pkg:gem/ruby-saml@1.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w8r1-wnkc-e3hk
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@1.18.0
aliases CVE-2025-66568, GHSA-x4h9-gwv3-r4m4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x721-mbr2-9bhh
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ruby-saml@0.0.5