
Saml-Toolkits Ruby-Saml vulnerabilities

6 known vulnerabilities affecting saml-toolkits/ruby-saml.

Total CVEs: 6
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2024-45409: P1, CRITICAL, CVSS 9.8, Exploited, PoC. Fixed in 1.12.3; affected >= 1.13.0, < 1.17.0. Published 2024-09-10.
CVE-2024-45409 [CRITICAL] CWE-347: The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed SAML document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow
Source: NVD

CVE-2025-25291: P1, CRITICAL, CVSS 9.8, PoC. Fixed in 1.12.4; affected >= 1.13.0, < 1.18.0. Published 2025-03-12.
CVE-2025-25291 [CRITICAL] CWE-347: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input
Source: NVD

CVE-2025-25292: P1, CRITICAL, CVSS 9.8. Fixed in 1.18.0. Published 2025-03-12.
CVE-2025-25292 [CRITICAL] CWE-347: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input
Source: NVD

CVE-2025-66568: P2, CRITICAL, CVSS 9.1. Fixed in 1.18.0. Published 2025-12-09.
CVE-2025-66568 [CRITICAL] CWE-347: The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2's canonicalization is invoke
Source: NVD

CVE-2025-25293: P3, HIGH, CVSS 7.5. Fixed in 1.12.4; affected >= 1.13.0, < 1.18.0. Published 2025-03-12.
CVE-2025-25293 [HIGH] CWE-400: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a c
Source: NVD

CVE-2025-54572: P3, MEDIUM, CVSS 6.9. Fixed in 1.18.1. Published 2025-07-30.
CVE-2025-54572 [MEDIUM] CWE-400: The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to
Source: NVD