1 file changed +38 -0 lines changed
1+ ---
2+ layout : default
3+ title : " SSPSA 202512-01: Signature bypass vulnerability"
4+ ---
5+
6+ <aside ><div class =" sidebar-warning right " >
7+ <h2 >Date</h2 >
8+ 08 December 2025
9+ <h2 >Affected versions</h2 >
10+
11+ <code >SimpleSAMLphp 2.4.0 - 2.4.3</code ><br />
12+ <code >SimpleSAMLphp 2.3.0 - 2.3.9</code ><br />
13+
14+ <code >Any older version</code ><br />
15+ <h2 >Severity</h2 >
16+ High - CVE 9.3
17+ </div ></aside >
18+
19+ # 202501-01
20+
21+ ** Signature bypass vulnerability**
22+
23+ ### Description
24+
25+ An attacker could fabricate a SAML Response and the Service Provider would accept it, due to a bug in the libxml2-library.
26+
27+ ### Mitigation:
28+
29+ Update to the latest version of SimpleSAMLphp, or manually bump the ` robrichards/xmlseclibs ` dependency to v3.1.4
30+
31+ ### Background / details
32+
33+ https://portswigger.net/research/the-fragile-lock#golden-saml-response
34+
35+ ### Credit
36+
37+ This vulnerability was discovered and reported by d0ge on December 2, 2025.
38+ It is registered under CVE-2025 -66475.
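Review bot: the advisory identifier is inconsistent: the front-matter `title` reads `SSPSA 202512-01` while the H1 heading reads `# 202501-01`, so one of them is a typo (the 08 December 2025 date points to 202512-01 being the intended one). Two related fixes in the same file: `High - CVE 9.3` in the Severity box appears to mean a CVSS score, since CVE is the identifier scheme and 9.3 is a score, so `High - CVSS 9.3` is the expected wording; and the identifier in the Credit section has a stray space (`CVE-2025 -66475` should read `CVE-2025-66475`), which would also break any link or search built from it. The Description attributes the bug to "the libxml2-library" while the Mitigation bumps `robrichards/xmlseclibs` to v3.1.4; one sentence explaining that relationship would tell operators whether upgrading the system libxml2 package alone is sufficient or whether the xmlseclibs bump is required. Minor style point: the `### Mitigation:` heading carries a trailing colon that the other headings lack.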
0 commit comments