Description

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0.

INFO

Published Date :

2025-12-09T01:55:06.296Z

Last Modified :

2025-12-09T16:02:57.270Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66567 vulnerability.

Vendors Products
Onelogin
  • Ruby-saml
Saml-toolkits
  • Ruby-saml
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66567.

URL Resource
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 cve-icon cve-icon
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3 cve-icon cve-icon
https://github.com/advisories/GHSA-754f-8gm6-c4r2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact