{"vulnerability": "CVE-2025-25292", "sightings": [{"uuid": "354ca22f-9961-4b6d-a7c1-dfee0a5c1ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/788f36f8-de85-4779-b4e3-6815a156b903", "content": "", "creation_timestamp": "2025-03-13T05:57:30.908420Z"}, {"uuid": "d05c6e2a-e298-4456-81b2-a88cbe7d08f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/5097", "content": "Our regular column\n\nUpdating our little GitLabs \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\nGitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level. 
These issues have been remediated on GitLab.com, and in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2.\n\nOn GitLab CE/EE instances using SAML authentication, under certain circumstances, an attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment's SAML IdP.\n\nSelf Managed GitLab: Known Mitigations\n\nAffected customers who cannot immediately update GitLab CE/EE to address these issues may choose to perform the following mitigation steps:\n\nNote: This vulnerability requires the attacker to have compromised a valid user account to perform the authentication bypass.\n\n- Enable GitLab two-factor authentication for all user accounts on the GitLab self-managed instance (NOTE: Enabling identity provider multi-factor authentication does not mitigate this vulnerability) and\n\n- Do not allow the SAML two-factor bypass option in GitLab and\n\n- Require admin approval for automatically created new users (gitlab_rails['omniauth_block_auto_created_users'] = true)\n\nhttps://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/", "creation_timestamp": "2025-03-13T06:45:02.000000Z"}, {"uuid": "0d796a8e-e457-4f22-a23b-56b3ef6fd5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/itsec_news/5499", "content": "\u26a1\ufe0f Update ruby-saml immediately: critical vulnerabilities threaten enterprise security\n\n\ud83d\udcac Two high-severity vulnerabilities have been discovered in the ruby-saml library, which implements the Security Assertion Markup Language (SAML) protocol. These vulnerabilities have already allowed attackers to bypass authentication mechanisms and carry out attacks on user accounts.\n\nSAML is used to pass authentication and authorization data between different services, allowing users to sign in once (SSO) and access multiple resources without re-entering their credentials. However, bugs have been found in the ruby-saml code that allow attackers to forge authentication data.\n\nThe two critical vulnerabilities, assigned CVE-2025-25291 and CVE-2025-25292, carry a high CVSS rating of 8.8 out of 10. They affect library versions below 1.12.4, as well as versions from 1.13.0 up to (but not including) 1.18.0.\n\nThe root cause lies in differences between the REXML and Nokogiri XML parsers, which interpret the same XML differently. This discrepancy opens the door to a Signature Wrapping attack, allowing attackers to bypass authentication mechanisms.\n\nResearchers from GitHub Security Lab identified these vulnerabilities in November 2024. They warned that the bugs could lead to user account takeover. Attackers holding a single valid signature, created with the key used to verify SAML responses or assertions, can forge SAML assertions and log in as any user.\n\nIn addition, versions 1.12.4 and 1.18.0 fix another issue (CVE-2025-25293, CVSS 7.7), a denial of service (DoS). It arises when processing compressed SAML responses and can be used to destabilize services.\n\nGitHub Security Lab notes that the root of the problem is a mismatch between the hash check and the signature check, which is what allowed attackers to exploit the difference in XML processing.\n\nExperts recommend updating ruby-saml to the latest version to eliminate the risk of exploitation. Earlier, in 2024, GitLab and ruby-saml already fixed a critical bug (CVE-2024-45409, CVSS 10.0) that also allowed authentication bypass.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:47:01.000000Z"}, {"uuid": "ce457868-c17e-4657-8e69-79f793dda503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/thehackernews/6486", "content": "\ud83d\udd34 ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n\ud83d\udd17 Read: https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html\n\n\ud83d\udd11 Update now or risk account takeover.", "creation_timestamp": "2025-03-13T13:34:43.000000Z"}, {"uuid": "424e47dd-df43-4f97-b3d9-2911b61b29b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lknzchpnnd2u", "content": "", "creation_timestamp": "2025-03-18T15:47:03.743643Z"}, {"uuid": "cbcffebe-5ebd-4931-aa2f-6413418e44dd", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x", "content": "", "creation_timestamp": "2025-03-17T19:58:15.419997Z"}, {"uuid": "92476218-dd79-4426-a071-fdf2b09afaa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43", "content": "", "creation_timestamp": "2025-03-16T23:34:06.856306Z"}, {"uuid": "2b1607b7-4200-443f-be26-8f8c022058a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/114154270169549367", "content": "", "creation_timestamp": "2025-03-13T08:52:09.744909Z"}, {"uuid": "ff1f92e6-0f7f-40e7-a7b8-1e0d97ee0cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154846152927799", "content": "", "creation_timestamp": "2025-03-13T11:18:39.021082Z"}, {"uuid": "70955c5c-6c72-4a77-b624-caf4fd167175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokvurocj2k", "content": "", "creation_timestamp": "2025-03-18T21:02:07.870130Z"}, {"uuid": "c596b94d-cd52-4a0b-9068-9249d78f2192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": 
"https://infosec.exchange/users/cR0w/statuses/114154851252724733", "content": "", "creation_timestamp": "2025-03-13T11:19:56.631399Z"}, {"uuid": "67cac3eb-d1e3-41e3-9efa-ff3cb1e740a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154867825552089", "content": "", "creation_timestamp": "2025-03-13T11:24:09.298419Z"}, {"uuid": "567888c2-2fb4-425b-9798-02f394c5f159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokxqvjot2k", "content": "", "creation_timestamp": "2025-03-18T21:03:11.019487Z"}, {"uuid": "fc883dc0-b986-4f1a-b57d-2201bb161378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokyjc4f22u", "content": "", "creation_timestamp": "2025-03-18T21:03:36.332597Z"}, {"uuid": "abf77c9a-5c76-4703-b6c9-bf5bfb9338c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114177286203783922", "content": "", "creation_timestamp": "2025-03-17T10:25:26.506754Z"}, {"uuid": "566c11e0-455e-4546-b575-5354f6e2e1ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/CyberBulletin/2634", "content": "\u26a1Account hijacking possible with ruby-saml library bugs.\n\nTracked as CVE-2025-25291 and CVE-2025-25292, which 
could be exploited to circumvent the authentication defenses of the Security Assertion Markup Language and facilitate account takeovers.\n\n#CyberBulletin", "creation_timestamp": "2025-03-14T21:37:07.000000Z"}, {"uuid": "493742b1-7a59-471f-b5fa-659e22aa7770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/", "content": "", "creation_timestamp": "2025-03-12T20:07:18.000000Z"}, {"uuid": "35274da9-a9d9-4323-abe3-2c35518de588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokpweols2m", "content": "", "creation_timestamp": "2025-03-18T20:58:48.188575Z"}, {"uuid": "c09423c2-f348-4605-826e-fe2c4d2ee970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokqdygp32r", "content": "", "creation_timestamp": "2025-03-18T20:59:06.302497Z"}, {"uuid": "35cc35c6-78ea-4db4-ab9b-b25189e53956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokuzqx2e2r", "content": "", "creation_timestamp": "2025-03-18T21:01:39.605882Z"}, {"uuid": "a9f6788c-c369-49c6-9803-200b648d8b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": 
"https://bsky.app/profile/pmloik.bsky.social/post/3lkokr7tm7l2u", "content": "", "creation_timestamp": "2025-03-18T20:59:31.504117Z"}, {"uuid": "4d5b0bbd-51c0-452f-b449-d54b6ff08e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/cvedetector/20176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25292 - Apache Ruby SAML XML Parser Signature Wrapping Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25292 \nPublished : March 12, 2025, 9:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue. 
\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T00:34:10.000000Z"}, {"uuid": "b16772dc-8468-4d14-80d6-b8881d68b709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7388", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25292\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.\n\ud83d\udccf Published: 2025-03-12T20:53:24.353Z\n\ud83d\udccf Modified: 2025-03-12T21:35:08.259Z\n\ud83d\udd17 References:\n1. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2\n2. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv\n3. https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9\n4. https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97\n5. https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released\n6. 
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials\n7. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4\n8. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "creation_timestamp": "2025-03-12T21:40:48.000000Z"}, {"uuid": "e2d17c83-b5c7-4de1-b678-7da84c74b87f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/ton618cyber/8022", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:04.000000Z"}, {"uuid": "7e8329d0-5fa4-49bb-b030-884eaafe909f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/ton618cyber/3203", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). 
Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:05.000000Z"}, {"uuid": "929ecaf0-3534-49e5-b2fe-551f482fc621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "Telegram/WNRbuXq55OVE9Qh-wm0yqD8L1Jchj4VgDMTY-oahDGw04g", "content": "", "creation_timestamp": "2025-03-13T13:44:56.000000Z"}, {"uuid": "dec9eb49-61fc-4bdc-ab32-6af69210d3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/CyberBulletin/2618", "content": "\u26a1ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n#CyberBulletin", "creation_timestamp": "2025-03-13T17:22:59.000000Z"}, {"uuid": "841854be-14c5-407a-8b5f-4b10473bfdc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o", "content": "", "creation_timestamp": "2025-03-14T22:06:12.948944Z"}, {"uuid": "25017d8b-3235-48ee-a50a-1e3d5e1c31ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/dimaiosdev.bsky.social/post/3lkdbeyncf22c", "content": "", "creation_timestamp": "2025-03-14T09:12:21.970246Z"}, {"uuid": "9d2cc90e-8fba-465a-844c-d8e61db44e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", 
"vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaabxl23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.166085Z"}, {"uuid": "55d4620f-d54e-4f09-b414-079be80192d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaevd23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.755477Z"}, {"uuid": "e180fcfc-4db3-4665-b80e-50322cf30804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaful23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.350189Z"}, {"uuid": "3f8cbcb7-0d13-468e-b225-0f945375d0cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafum23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.911598Z"}, {"uuid": "be5c76ee-6802-45a5-8ec0-8140022c8864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafun23", "content": "", "creation_timestamp": "2025-03-15T06:09:35.501231Z"}, {"uuid": "bf3a54a6-462b-456c-8247-7678e1f3fea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k", "content": "", "creation_timestamp": 
"2025-03-18T21:28:16.210942Z"}, {"uuid": "ba73a985-5f67-437d-9336-5fb968029880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114166691630661888", "content": "", "creation_timestamp": "2025-03-15T13:31:12.378264Z"}, {"uuid": "aa9fd3b8-a3f0-4112-9b27-e31d113df25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114169531613827594", "content": "", "creation_timestamp": "2025-03-16T01:33:24.731785Z"}, {"uuid": "84fbea79-b4a0-4396-aa88-ad26e17e2a8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lkdyyts5z62u", "content": "", "creation_timestamp": "2025-03-14T16:15:03.829500Z"}, {"uuid": "4984eec6-5c77-4f6e-b377-b0fe6c01be4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://threatintel.cc/2025/03/14/gitlab-addressed-critical-auth-bypass.html", "content": "", "creation_timestamp": "2025-03-14T10:05:19.000000Z"}, {"uuid": "84af3b9f-2f00-475e-8dba-a76f15019f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m7ljpqhxj225", "content": "", "creation_timestamp": "2025-12-09T21:51:55.557434Z"}]}
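An added example, not part of the sightings record above and not code from the ruby-saml project or any of the quoted posts: a Ruby script that applies the affected version ranges the posts state (below 1.12.4, and 1.13.0 up to but not including 1.18.0; fixed in 1.12.4 and 1.18.0) to a Gemfile.lock, so an operator of a Ruby application can check the resolved ruby-saml version offline. The lockfile text is constructed for the example, and the helper names (`ruby_saml_affected?`, `ruby_saml_versions`, `audit_lockfile`) are this example's own.

```ruby
# Added example: audit a Gemfile.lock for ruby-saml versions in the ranges the
# advisories for CVE-2025-25291 / CVE-2025-25292 describe as affected.
# Not code from ruby-saml or from any post above.
require 'rubygems'

# Boundaries taken from the posts: fixed in 1.12.4 (1.12.x branch) and 1.18.0.
FIXED_112 = Gem::Version.new('1.12.4')
FIRST_113 = Gem::Version.new('1.13.0')
FIXED_118 = Gem::Version.new('1.18.0')

# True when the version is < 1.12.4, or >= 1.13.0 and < 1.18.0.
def ruby_saml_affected?(version_string)
  v = Gem::Version.new(version_string)
  return true if v < FIXED_112
  v >= FIRST_113 && v < FIXED_118
end

# Resolved spec lines look like "    ruby-saml (1.17.0)"; dependency lines such
# as "ruby-saml (~> 1.17)" contain a space inside the parentheses and are skipped.
def ruby_saml_versions(lockfile_text)
  lockfile_text.scan(/^\s+ruby-saml \(([^)\s]+)\)\s*$/).flatten
end

def audit_lockfile(lockfile_text)
  ruby_saml_versions(lockfile_text).map do |ver|
    { version: ver, affected: ruby_saml_affected?(ver) }
  end
end

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.18.3-x86_64-linux)
      omniauth-saml (2.2.0)
        omniauth (~> 2.1)
        ruby-saml (~> 1.17)
      rexml (3.4.1)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

if __FILE__ == $0
  lock = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  audit_lockfile(lock).each do |r|
    status = r[:affected] ? 'AFFECTED (update to 1.12.4 or 1.18.0+)' : 'ok'
    puts "ruby-saml #{r[:version]}: #{status}"
  end
end
```

Run it with a path to a real Gemfile.lock, or with no argument to audit the constructed sample. For GitLab self-managed instances the library is bundled with the product, so the GitLab CE/EE version (17.7.7, 17.8.5, 17.9.2 or later, per the GitLab post above) is the relevant check rather than a lockfile.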