Fluid Attacks Database

Description

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	ruby-saml	=1.11.0-1 \|\| =1.11.0-1+deb11u1 \|\| >=0 <1.11.0-1+deb11u2	1.11.0-1+deb11u2
debian 12	ruby-saml	=1.13.0-1 \|\| =1.13.0-1+deb12u1 \|\| =1.15.0-1 \|\| =1.17.0-1	-
rubygems	ruby-saml	>=0 <1.12.4 \|\| >=1.13.0 <1.18.0	1.12.4, 1.18.0

Aliases

1. CVE-2025-252912. NVD-2025-252913. OSV-DEBIAN-2025-252914. OSV-2025-252915. GHSA-4vc4-m8qh-g8jm6. GHSA-hw46-3hmr-x9xv7. https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-saml8. GCVE-2025-252919. SECURITY-TRACKER-CVE-2025-2529110. lists.debian.org

References

1. https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2025/CVE-2025-25291.yaml2. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm3. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv4. https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd95. https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae976. https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released7. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials8. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.49. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.010. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-25291.yml11. https://news.ycombinator.com/item?id=4337451912. https://portswigger.net/research/saml-roulette-the-hacker-always-wins13. https://security.netapp.com/advisory/ntap-20250314-0010

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.