logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2025-29774 xml-crypto

Package

Manager: npm
Name: xml-crypto
Vulnerable Version: >=4.0.0 <6.0.1 || >=3.0.0 <3.2.1 || >=0 <2.1.6

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00087 pctl0.25966

Details

xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References # Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. # Patches All versions <= 6.0.0 are affected. Please upgrade to version 6.0.1. If you are still using v2.x or v3.x please upgrade to the associated patch version. # Indicators of Compromise When logging XML payloads, check for the following indicators. If the payload includes encrypted elements, ensure you analyze the decrypted version for a complete assessment. (If encryption is not used, analyze the original XML document directly). This applies to various XML-based authentication and authorization flows, such as SAML Response payloads. ### Multiple SignedInfo Nodes There should not be more than one SignedInfo node inside a Signature. If you find multiple SignedInfo nodes, it could indicate an attack. ```xml <Signature> <SomeNode> <SignedInfo> <Reference URI="somefakereference"> <DigestValue>forgeddigestvalue</DigestValue> </Reference> </SignedInfo> </SomeNode> <SignedInfo> <Reference URI="realsignedreference"> <DigestValue>realdigestvalue</DigestValue> </Reference> </SignedInfo> </SignedInfo> </Signature> ``` ### Code to test Pass in the decrypted version of the document ```js decryptedDocument = ... // yours to implement // This check is per-Signature node, not per-document const signedInfoNodes = xpath.select(".//*[local-name(.)='SignedInfo']", signatureNode); if (signedInfoNodes.length === 0) { // Not necessarily a compromise, but invalid. Should contain exactly one SignedInfo node // Yours to implement } if (signedInfoNodes.length > 1) { // Compromise detected, yours to implement } ```

Metadata

Created: 2025-03-14T17:14:23Z
Modified: 2025-03-16T21:34:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-9p8x-f768-wp2g/GHSA-9p8x-f768-wp2g.json
CWE IDs: ["CWE-347"]
Alternative ID: GHSA-9p8x-f768-wp2g
Finding: F163
Auto approve: 1