CVE-2025-27509

SAML authentication vulnerability due to improper SAML response validation

Description

fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if f MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1.

INFO

Published Date :

2025-03-06T19:00:36.098Z

Last Modified :

2025-03-06T19:29:47.248Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-27509 vulnerability.

Vendors	Products
Fleetdm	Fleet

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27509.

URL	Resource
https://github.com/fleetdm/fleet/commit/718c95e47ad010ad6b8ceb3f3460e921fbfc53bb
https://github.com/fleetdm/fleet/security/advisories/GHSA-52jx-g6m5-h735

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability