CVE-2025-29774
Published 2025-03-14
CVE-2025-29774: xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1…
Priority: P2 · 66 · critical · 9.3 (CVSS 4.0)
EPSS: 9.05% (94.6th percentile)
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| node-saml | xml-crypto | < 2.1.6 | 2.1.6 |
| node-saml | xml-crypto | — | — |
| node-saml | xml-crypto | — | — |
| node-saml | xml-crypto | >= 0 < 2.1.6 | 2.1.6 |
| node-saml | xml-crypto | >= 3.0.0 < 3.2.1 | 3.2.1 |
| node-saml | xml-crypto | >= 4.0.0 < 6.0.1 | 6.0.1 |
Detection & IOCs (extracted from sources)
Snort / Suricata rule (ET WEB_SPECIFIC_APPS, sid 2060961):
```
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS xml-crypto SAML Authentication Bypass Multiple SignedInfo References (CVE-2025-29774)"; flow:established,to_server; http.method; content:"POST"; http.request_body; content:"SAMLResponse|3d|"; fast_pattern; base64_decode:offset 0, relative; base64_data; content:"|3c|saml2p|3a|Response"; content:"|3c|SignedInfo|3e|"; content:"|3c|SignedInfo|3e|"; distance:0; reference:url,github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g; reference:cve,2025-29774; classtype:web-application-attack; sid:2060961; rev:2; metadata:attack_target Server, tls_state TLSDecrypt, created_at 2025_03_19, cve CVE_2025_29774, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_03_25, reviewed_at 2025_08_26, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
```
- Exploit traffic is an HTTP POST request containing a SAMLResponse parameter. The base64-decoded body will contain a <saml2p:Response> element with TWO distinct <SignedInfo> blocks — the presence of duplicate <SignedInfo> elements is the core exploit indicator.
- Detection requires TLS decryption (SSLDecrypt/TLSDecrypt) to inspect the POST body for the duplicate SignedInfo pattern in SAML responses.
- The attack technique is Exploit Public-Facing Application (T1190) under Initial Access (TA0001), targeting SAML SSO endpoints that use xml-crypto for signature verification.
- The vulnerability allows privilege escalation or user impersonation by modifying identity/access control attributes in a signed XML message that still passes signature verification — monitor for unexpected role/attribute changes in SAML assertions from otherwise valid accounts.
- Red Hat has assessed that no mitigation meeting their criteria is currently available for affected packages (e.g., openshift-serverless kn-backstage-plugins-eventmesh-rhel8); patching to xml-crypto 6.0.1, 3.2.1, or 2.1.6 is the only fix.
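The duplicate-SignedInfo indicator that the IDS rule keys on can also be checked at the application layer, for triage or logging next to the upgrade. The block below is an added example written for this page; it is not code from the advisory, from the Emerging Threats rule or from the xml-crypto project. It decodes the SAMLResponse parameter of a form-encoded POST body and counts SignedInfo start tags with a lightweight tag scan rather than a full XML parse, and it generalises the rule's literal `<saml2p:Response` match to a Response element with any prefix. The sample request bodies are constructed, and the digest and signature values in them are placeholders, not real cryptographic material.

```javascript
// Added example for this page, not code from the advisory or from xml-crypto.
// It mirrors the IDS rule's logic in Node.js: decode the SAMLResponse POST
// parameter and flag a Response that carries more than one SignedInfo element.
// This is a tag scan, not an XML parse; a signature verifier should use DOM/XPath.

// Start tag of a SignedInfo element with any (or no) namespace prefix, e.g.
// <SignedInfo>, <ds:SignedInfo ...>. The lookahead keeps "SignedInfoX" from matching.
const SIGNED_INFO_START = /<(?:[A-Za-z_][\w.-]*:)?SignedInfo(?=[\s>\/])/g;
// Start tag of a Response element (generalises the rule's "<saml2p:Response").
const RESPONSE_START = /<(?:[A-Za-z_][\w.-]*:)?Response(?=[\s>\/])/;

// Pull the SAMLResponse value out of a form-encoded POST body; null if absent.
function extractSamlResponse(body) {
  return new URLSearchParams(body).get('SAMLResponse');
}

// Count SignedInfo start tags in an XML string.
function countSignedInfo(xml) {
  const matches = xml.match(SIGNED_INFO_START);
  return matches === null ? 0 : matches.length;
}

// Inspect one POST body and return a verdict object (so it can be asserted on
// or logged) instead of printing.
function inspectSamlPost(body) {
  const encoded = extractSamlResponse(body);
  if (encoded === null) {
    return { suspicious: false, signedInfoCount: 0, reason: 'no SAMLResponse parameter' };
  }
  const xml = Buffer.from(encoded, 'base64').toString('utf8');
  if (!RESPONSE_START.test(xml)) {
    return { suspicious: false, signedInfoCount: 0, reason: 'not a SAML Response document' };
  }
  const signedInfoCount = countSignedInfo(xml);
  return {
    suspicious: signedInfoCount > 1,
    signedInfoCount,
    reason: signedInfoCount > 1
      ? `multiple SignedInfo elements (${signedInfoCount}) in a signed SAML Response`
      : 'single SignedInfo, no duplicate-SignedInfo indicator',
  };
}

// Build a form-encoded POST body the way an SP receives it (HTTP-POST binding).
function toPostBody(xml) {
  const encoded = Buffer.from(xml, 'utf8').toString('base64');
  return new URLSearchParams({ SAMLResponse: encoded }).toString();
}

// Constructed sample documents. Digest and signature values are placeholders,
// not real cryptographic material; only the element structure matters here.
const SIGNATURE_HEAD = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">';
const ONE_SIGNED_INFO =
  '<ds:SignedInfo><ds:Reference URI="#_r1"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>';
const BENIGN_XML =
  '<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1">' +
  SIGNATURE_HEAD + ONE_SIGNED_INFO +
  '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></saml2p:Response>';
// Same document, but the Signature carries two SignedInfo elements: the
// indicator the advisory and the rule describe.
const DUPLICATE_XML = BENIGN_XML.replace(ONE_SIGNED_INFO, ONE_SIGNED_INFO + ONE_SIGNED_INFO);

const BENIGN_BODY = toPostBody(BENIGN_XML);
const DUPLICATE_BODY = toPostBody(DUPLICATE_XML);

console.log('benign   :', inspectSamlPost(BENIGN_BODY));
console.log('duplicate:', inspectSamlPost(DUPLICATE_BODY));
```

`inspectSamlPost` returns `suspicious: false` with one SignedInfo and `suspicious: true` with two; bodies without a SAMLResponse parameter, or whose decoded payload is not a Response document, are reported as not suspicious with the reason recorded. Because the check sits on the raw body, it applies regardless of which xml-crypto version the service runs, but it only detects this one indicator and does not replace the patched releases.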
CVSS provenance
- NVD, CVSS v4.0: 9.3 CRITICAL, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Red Hat (vendor): 9.3 CRITICAL
Red Hat
vendor_redhat · 2025-03-14 · CVSS 9.3 · CRITICAL · CWE-347
xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
GHSA
ghsa · 2025-03-14 · CRITICAL · CWE-347
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
# Impact
An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user.
# Patches
All versions
```
forgeddigestvalue
realdigestvalue
```
### Code to test
Pass in the decrypted version of the document
```js
decryptedDocument = ... // yours to implement
// This check
```
OSV
osv · 2025-03-14 · CRITICAL
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Suricata
suricata · 2025-03-19 · CVSS 9.3 · CRITICAL
ET WEB_SPECIFIC_APPS xml-crypto SAML Authentication Bypass Multiple SignedInfo References (CVE-2025-29774)
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
- https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
- https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
- https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
- https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
- https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
- https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g
- https://workos.com/blog/samlstorm
Published: 2025-03-14