CVE-2025-54419Improper Authentication in Node-saml

CWE-287Improper AuthenticationCWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
0.0%
top 87.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Node-samlNode-saml Passport-samlPassport-saml Project Passport-saml
Timeline
PublishedJul 28

Description

A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document fro

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.8

Affected Packages4 packages

npmnode-saml/node-saml< 5.1.0
CVEListV5node-saml/node-saml= 5.0.1

🔴Vulnerability Details

2
GHSA
Node-SAML SAML Signature Verification Vulnerability2025-07-28
OSV
Node-SAML SAML Signature Verification Vulnerability2025-07-28

📋Vendor Advisories

1
Red Hat
@node-saml/node-saml: Node-SAML Signature Verification Vulnerability2025-07-28