Vulnerability Description
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simplesamlphp | Simplesamlphp-Casserver | < 6.3.1 |
| Simplesamlphp | Simplesamlphp Casserver | 7.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f0Patch
- https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7Patch
- https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisorExploitVendor Advisory
- https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisorExploitVendor Advisory
FAQ
What is CVE-2025-65954?
CVE-2025-65954 is a vulnerability with a CVSS score of 6.1 (MEDIUM). SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirec...
How severe is CVE-2025-65954?
CVE-2025-65954 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-65954?
Check the references section above for vendor advisories and patch information. Affected products include: Simplesamlphp Simplesamlphp-Casserver, Simplesamlphp Simplesamlphp Casserver.