CVE-2025-25291 — CRITICAL (9.8)

Q: How severe is CVE-2025-25291?

CVE-2025-25291 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-25291?

Check the references section above for vendor advisories and patch information. Affected products include: Omniauth Omniauth Saml, Onelogin Ruby-Saml, Netapp Storagegrid.

Vulnerability Description

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Omniauth	Omniauth Saml	< 1.10.6
Onelogin	Ruby-Saml	< 1.12.4
Netapp	Storagegrid	-

Related Weaknesses (CWE)

CWE-436 CWE-347

References

https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-releasePatch
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authenticationExploitThird Party Advisory
https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495Patch
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cPatch
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4Release Notes
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0Release Notes
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8Vendor Advisory
https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xVendor Advisory
https://portswigger.net/research/saml-roulette-the-hacker-always-winsExploitThird Party Advisory
https://securitylab.github.com/advisories/GHSL-2024-329_GHSL-2024-330_ruby-samlThird Party Advisory
https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
https://news.ycombinator.com/item?id=43374519Issue Tracking
https://security.netapp.com/advisory/ntap-20250314-0010/Third Party Advisory

FAQ

What is CVE-2025-25291?

CVE-2025-25291 is a vulnerability with a CVSS score of 9.8 (CRITICAL). ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a p...

How severe is CVE-2025-25291?

CVE-2025-25291 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-25291?

Check the references section above for vendor advisories and patch information. Affected products include: Omniauth Omniauth Saml, Onelogin Ruby-Saml, Netapp Storagegrid.