{"vulnerability": "cve-2025-2529", "sightings": [{"uuid": "d34224d2-e3b3-48c5-b1ee-ae193b596aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/code/cves/2025/CVE-2025-25291.yaml", "content": "", "creation_timestamp": "2025-03-21T12:05:31.000000Z"}, {"uuid": "d9cd6992-8fed-4c21-a93d-11aceaf67119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o", "content": "", "creation_timestamp": "2025-03-14T22:06:12.869102Z"}, {"uuid": "febf58d6-84f8-46e4-8b4d-e8b94b1be6d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25293", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o", "content": "", "creation_timestamp": "2025-03-14T22:06:13.034007Z"}, {"uuid": "841854be-14c5-407a-8b5f-4b10473bfdc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lkemmpsaus2o", "content": "", "creation_timestamp": "2025-03-14T22:06:12.948944Z"}, {"uuid": "e3ab26f4-77b1-466d-b07e-40168ea86000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/", "content": "", "creation_timestamp": "2025-03-12T20:07:18.000000Z"}, {"uuid": "493742b1-7a59-471f-b5fa-659e22aa7770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/", "content": "", "creation_timestamp": "2025-03-12T20:07:18.000000Z"}, {"uuid": "98e22ca8-d69c-4386-987b-5f6ddb70ecf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k", "content": "", "creation_timestamp": "2025-03-18T21:28:16.133919Z"}, {"uuid": "196619ec-c471-4ce9-b94a-63994271e269", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114177286203783922", "content": "", "creation_timestamp": "2025-03-17T10:25:26.408314Z"}, {"uuid": "abf77c9a-5c76-4703-b6c9-bf5bfb9338c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/114177286203783922", "content": "", "creation_timestamp": "2025-03-17T10:25:26.506754Z"}, {"uuid": "42d014aa-0f5d-4143-84da-75844ab4f78a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114166691630661888", "content": "", "creation_timestamp": "2025-03-15T13:31:12.294909Z"}, {"uuid": "61e21798-9cef-4d82-801d-11993e40cbd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25299", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3linfhqq2ds2p", "content": "", "creation_timestamp": "2025-02-20T23:01:42.310781Z"}, {"uuid": "ba73a985-5f67-437d-9336-5fb968029880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114166691630661888", "content": "", "creation_timestamp": "2025-03-15T13:31:12.378264Z"}, {"uuid": "ac64338a-c6c9-46f2-bc2d-25475657d998", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114169531613827594", "content": "", "creation_timestamp": "2025-03-16T01:33:24.669168Z"}, {"uuid": "aa9fd3b8-a3f0-4112-9b27-e31d113df25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114169531613827594", "content": "", "creation_timestamp": "2025-03-16T01:33:24.731785Z"}, {"uuid": "4ae19591-5f79-4a6f-a675-cae3e74903e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lkdyyts5z62u", "content": "", "creation_timestamp": "2025-03-14T16:15:03.770890Z"}, {"uuid": "84fbea79-b4a0-4396-aa88-ad26e17e2a8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3lkdyyts5z62u", "content": "", "creation_timestamp": "2025-03-14T16:15:03.829500Z"}, {"uuid": "7f23f5ef-7e9e-48ce-8fd9-f6cdcbc2fa59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://threatintel.cc/2025/03/14/gitlab-addressed-critical-auth-bypass.html", "content": "", "creation_timestamp": "2025-03-14T10:05:19.000000Z"}, {"uuid": "4984eec6-5c77-4f6e-b377-b0fe6c01be4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://threatintel.cc/2025/03/14/gitlab-addressed-critical-auth-bypass.html", "content": "", "creation_timestamp": "2025-03-14T10:05:19.000000Z"}, {"uuid": "34216610-8a65-46a6-a75b-9bd2d9d6ddef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/twypsy.bsky.social/post/3lwekcqoks22m", "content": "", "creation_timestamp": "2025-08-14T14:27:09.471959Z"}, {"uuid": "3d22d5fc-4a19-4cdf-b00e-16054e6cbe01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25295", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:44.000000Z"}, {"uuid": "354ca22f-9961-4b6d-a7c1-dfee0a5c1ecc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/788f36f8-de85-4779-b4e3-6815a156b903", "content": "", "creation_timestamp": "2025-03-13T05:57:30.908420Z"}, {"uuid": "47728736-8cab-41ff-bcb4-45a7a57fda02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/788f36f8-de85-4779-b4e3-6815a156b903", "content": "", "creation_timestamp": "2025-03-13T05:57:30.908420Z"}, {"uuid": "7d564ca4-7e45-49b4-9bac-58bb9ab5cd8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25293", "type": "seen", "source": "https://t.me/cvedetector/20177", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25293 - Ruby-SAML zlib Compression Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-25293 \nPublished : March 12, 2025, 9:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T00:34:10.000000Z"}, {"uuid": "4d5b0bbd-51c0-452f-b449-d54b6ff08e73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/cvedetector/20176", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25292 - Apache Ruby SAML XML Parser Signature Wrapping Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25292 \nPublished : March 12, 2025, 9:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T00:34:10.000000Z"}, {"uuid": "df1d2c75-5b0a-400c-9223-191ed7cffae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/cvedetector/20175", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25291 - Apache Ruby-SAML XML Parser Signature Wrapping Authentication Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-25291 \nPublished : March 12, 2025, 9:15 p.m. | 2\u00a0hours, 8\u00a0minutes ago \nDescription : ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-13T00:34:09.000000Z"}, {"uuid": "86c54761-c340-4faf-b878-c99fb453da1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25295", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5577", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25295\n\ud83d\udd25 CVSS Score: 8.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it.\n\ud83d\udccf Published: 2025-02-14T16:50:26.336Z\n\ud83d\udccf Modified: 2025-02-26T19:09:59.018Z\n\ud83d\udd17 References:\n1. https://github.com/HumanSignal/label-studio/security/advisories/GHSA-rgv9-w7jp-m23g\n2. https://github.com/HumanSignal/label-studio-sdk/commit/4a9715c6b0b619371e89c09ea8d1c86ce5c880df", "creation_timestamp": "2025-02-26T19:24:06.000000Z"}, {"uuid": "5a94e43c-6ed0-44e2-baad-34748b99ef3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25294", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6767", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25294\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to the access log. This vulnerability is fixed in 1.3.1 and 1.2.7. One can overwrite the old text based default format with JSON formatter by modifying the \"EnvoyProxy.spec.telemetry.accessLog\" setting.\n\ud83d\udccf Published: 2025-03-06T18:46:23.913Z\n\ud83d\udccf Modified: 2025-03-06T20:34:27.649Z\n\ud83d\udd17 References:\n1. https://github.com/envoyproxy/gateway/security/advisories/GHSA-mf24-chxh-hmvj\n2. https://github.com/envoyproxy/gateway/commit/8f48f5199cf1bbb9a8ac0695c5171bfef6c9198a", "creation_timestamp": "2025-03-06T21:34:37.000000Z"}, {"uuid": "b16772dc-8468-4d14-80d6-b8881d68b709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7388", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25292\n\ud83d\udd25 CVSS Score: 8.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.\n\ud83d\udccf Published: 2025-03-12T20:53:24.353Z\n\ud83d\udccf Modified: 2025-03-12T21:35:08.259Z\n\ud83d\udd17 References:\n1. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2\n2. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv\n3. https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9\n4. https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97\n5. https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released\n6. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials\n7. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4\n8. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "creation_timestamp": "2025-03-12T21:40:48.000000Z"}, {"uuid": "b95d678c-79e5-4041-a029-b4667fe4f97a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25297", "type": "seen", "source": "https://t.me/cvedetector/18141", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25297 - Label Studio SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25297 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a custom S3 endpoint URL via the s3_endpoint parameter. This endpoint URL is passed directly to the boto3 AWS SDK without proper validation or restrictions on the protocol or destination. The vulnerability allows an attacker to make the application send HTTP requests to arbitrary internal services by specifying them as the S3 endpoint. When the storage sync operation is triggered, the application attempts to make S3 API calls to the specified endpoint, effectively making HTTP requests to the target service and returning the response in error messages. This SSRF vulnerability enables attackers to bypass network segmentation and access internal services that should not be accessible from the external network. The vulnerability is particularly severe because error messages from failed requests contain the full response body, allowing data exfiltration from internal services. Version 1.16.0 contains a patch for the issue. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:41.000000Z"}, {"uuid": "d05c6e2a-e298-4456-81b2-a88cbe7d08f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/5097", "content": "\u041d\u0430\u0448\u0430 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u0430\u044f \u0440\u0443\u0431\u0440\u0438\u043a\u0430\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u0433\u0438\u0442\u043b\u0430\u0431\u0447\u0438\u043a\u0438 \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\nGitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level. These issues have been remediated on GitLab.com, and in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2.\n\nOn GitLab CE/EE instances using SAML authentication, under certain circumstances, an attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment's SAML IdP.\n\nSelf Managed GitLab: Known Mitigations\n\nAffected customers who cannot immediately update GitLab CE/EE to address these issues may choose to perform the following mitigation steps:\n\nNote: This vulnerability requires the attacker to have compromised a valid user account to perform the authentication bypass.\n\n- Enable GitLab two-factor authentication for all user accounts on the GitLab self-managed instance (NOTE: Enabling identity provider multi-factor authentication does not mitigate this vulnerability) and\n\n- Do not allow the SAML two-factor bypass option in GitLab and\n\n- Require admin approval for automatically created new users (gitlab_rails['omniauth_block_auto_created_users'] = true)\n\nhttps://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/", "creation_timestamp": "2025-03-13T06:45:02.000000Z"}, {"uuid": "64445c25-d174-44f3-bf06-b70f75f1bf82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/itsec_news/5499", "content": "\u200b\u26a1\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 ruby-saml \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\ud83d\udcac \u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 ruby-saml, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Security Assertion Markup Language (SAML), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\nSAML \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0435\u0434\u0438\u043d\u043e\u0436\u0434\u044b \u0432\u0445\u043e\u0434\u0438\u0442\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (SSO) \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0431\u0435\u0437 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043a\u043e\u0434\u0435 ruby-saml \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0414\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b CVE-2025-25291 \u0438 CVE-2025-25292 , \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u2014 8.8 \u0438\u0437 10. \u041e\u043d\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u043b\u0430\u0434\u0448\u0435 1.12.4, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 1.13.0 \u0434\u043e 1.18.0 (\u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e).\n\n\u041f\u0440\u0438\u0447\u0438\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u0438\u044f\u0445 \u043c\u0435\u0436\u0434\u0443 \u043f\u0430\u0440\u0441\u0435\u0440\u0430\u043c\u0438 XML REXML \u0438 Nokogiri, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e-\u0440\u0430\u0437\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 XML-\u043a\u043e\u0434. \u042d\u0442\u043e \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 Signature Wrapping, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u044d\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435, \u043e\u0431\u043b\u0430\u0434\u0430\u044f \u043e\u0434\u043d\u043e\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043b\u044e\u0447\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c SAML-\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.12.4 \u0438 1.18.0 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0451 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 ( CVE-2025-25293 , CVSS 7.7), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS). \u041e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0436\u0430\u0442\u044b\u0445 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432.\n\n\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u043e\u0440\u0435\u043d\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u2014 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0445\u0435\u0448\u0430 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u0447\u0442\u043e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0440\u0430\u0437\u043d\u0438\u0446\u0443 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c ruby-saml \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0430\u043d\u0435\u0435, \u0432 2024 \u0433\u043e\u0434\u0443, GitLab \u0438 ruby-saml \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0431\u0430\u0433 ( CVE-2024-45409 , CVSS 10.0), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:47:01.000000Z"}, {"uuid": "a40f623e-2e55-44fa-b2a0-4eae9c917597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25293", "type": "seen", "source": "https://t.me/itsec_news/5499", "content": "\u200b\u26a1\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 ruby-saml \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\ud83d\udcac \u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 ruby-saml, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Security Assertion Markup Language (SAML), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\nSAML \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0435\u0434\u0438\u043d\u043e\u0436\u0434\u044b \u0432\u0445\u043e\u0434\u0438\u0442\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (SSO) \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0431\u0435\u0437 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043a\u043e\u0434\u0435 ruby-saml \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0414\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b CVE-2025-25291 \u0438 CVE-2025-25292 , \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u2014 8.8 \u0438\u0437 10. \u041e\u043d\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u043b\u0430\u0434\u0448\u0435 1.12.4, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 1.13.0 \u0434\u043e 1.18.0 (\u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e).\n\n\u041f\u0440\u0438\u0447\u0438\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u0438\u044f\u0445 \u043c\u0435\u0436\u0434\u0443 \u043f\u0430\u0440\u0441\u0435\u0440\u0430\u043c\u0438 XML REXML \u0438 Nokogiri, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e-\u0440\u0430\u0437\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 XML-\u043a\u043e\u0434. \u042d\u0442\u043e \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 Signature Wrapping, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u044d\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435, \u043e\u0431\u043b\u0430\u0434\u0430\u044f \u043e\u0434\u043d\u043e\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043b\u044e\u0447\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c SAML-\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.12.4 \u0438 1.18.0 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0451 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 ( CVE-2025-25293 , CVSS 7.7), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS). \u041e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0436\u0430\u0442\u044b\u0445 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432.\n\n\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u043e\u0440\u0435\u043d\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u2014 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0445\u0435\u0448\u0430 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u0447\u0442\u043e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0440\u0430\u0437\u043d\u0438\u0446\u0443 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c ruby-saml \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0430\u043d\u0435\u0435, \u0432 2024 \u0433\u043e\u0434\u0443, GitLab \u0438 ruby-saml \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0431\u0430\u0433 ( CVE-2024-45409 , CVSS 10.0), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:47:01.000000Z"}, {"uuid": "566c11e0-455e-4546-b575-5354f6e2e1ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/CyberBulletin/2634", "content": "\u26a1Account hijacking possible with ruby-saml library bugs.\n\nTracked as CVE-2025-25291 and CVE-2025-25292, which could be exploited to circumvent the authentication defenses of the Security Assertion Markup Language and facilitate account takeovers.\n\n#CyberBulletin", "creation_timestamp": "2025-03-14T21:37:07.000000Z"}, {"uuid": "1323fbd2-99cc-43bb-9215-ff521cb53009", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/CyberBulletin/2634", "content": "\u26a1Account hijacking possible with ruby-saml library bugs.\n\nTracked as CVE-2025-25291 and CVE-2025-25292, which could be exploited to circumvent the authentication defenses of the Security Assertion Markup Language and facilitate account takeovers.\n\n#CyberBulletin", "creation_timestamp": "2025-03-14T21:37:07.000000Z"}, {"uuid": "7e8329d0-5fa4-49bb-b030-884eaafe909f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/ton618cyber/3203", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:05.000000Z"}, {"uuid": "929ecaf0-3534-49e5-b2fe-551f482fc621", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "Telegram/WNRbuXq55OVE9Qh-wm0yqD8L1Jchj4VgDMTY-oahDGw04g", "content": "", "creation_timestamp": "2025-03-13T13:44:56.000000Z"}, {"uuid": "2197e9e0-5af1-46f5-8aad-e41b97dbb251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "Telegram/WNRbuXq55OVE9Qh-wm0yqD8L1Jchj4VgDMTY-oahDGw04g", "content": "", "creation_timestamp": "2025-03-13T13:44:56.000000Z"}, {"uuid": "dec9eb49-61fc-4bdc-ab32-6af69210d3e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/CyberBulletin/2618", "content": "\u26a1ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n#CyberBulletin", "creation_timestamp": "2025-03-13T17:22:59.000000Z"}, {"uuid": "06ab33d3-1d04-4571-98d0-d07e5f2240e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/CyberBulletin/2618", "content": "\u26a1ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n#CyberBulletin", "creation_timestamp": "2025-03-13T17:22:59.000000Z"}, {"uuid": "76955a0f-e8fa-4b4f-b0d2-52e3b52b5c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/ton618cyber/3203", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:05.000000Z"}, {"uuid": "b27960e0-44ee-4a96-ae44-9a27b00b8b37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "published-proof-of-concept", "source": "Telegram/g5dnSKFfRiVqVOSRBmM4iv0zdPT4UndMYFcD4S5T3oiUYT0", "content": "", "creation_timestamp": "2025-03-01T10:00:05.000000Z"}, {"uuid": "ce457868-c17e-4657-8e69-79f793dda503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/thehackernews/6486", "content": "\ud83d\udd34 ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n\ud83d\udd17 Read: https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html\n\n\ud83d\udd11 Update now or risk account takeover.", "creation_timestamp": "2025-03-13T13:34:43.000000Z"}, {"uuid": "1f5a34dd-0aaa-4aad-a60b-eee9edf77797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/thehackernews/6486", "content": "\ud83d\udd34 ruby-saml Flaws Open SAML Auth to Hijacking\n\nGitHub Security Lab found CVE-2025-25291 & CVE-2025-25292 (CVSS 8.8) in ruby-saml, allowing attackers to bypass authentication using a valid signature.\n\n\ud83d\udd17 Read: https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html\n\n\ud83d\udd11 Update now or risk account takeover.", "creation_timestamp": "2025-03-13T13:34:43.000000Z"}, {"uuid": "e3916bab-b697-4efa-994f-a80fe69b1e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lknzchpnnd2u", "content": "", "creation_timestamp": "2025-03-18T15:47:03.670043Z"}, {"uuid": "424e47dd-df43-4f97-b3d9-2911b61b29b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/buherator.bsky.social/post/3lknzchpnnd2u", "content": "", "creation_timestamp": "2025-03-18T15:47:03.743643Z"}, {"uuid": "52de3bc7-89e2-429e-9211-d454a249e98e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x", "content": "", "creation_timestamp": "2025-03-17T19:58:15.336995Z"}, {"uuid": "cbcffebe-5ebd-4931-aa2f-6413418e44dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lklwuqfadg2x", "content": "", "creation_timestamp": "2025-03-17T19:58:15.419997Z"}, {"uuid": "4faf1fde-f449-4ab4-8216-64c427b6967d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43", "content": "", "creation_timestamp": "2025-03-16T23:34:06.773611Z"}, {"uuid": "92476218-dd79-4426-a071-fdf2b09afaa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-3e39154e-7e52655bd7735e43", "content": "", "creation_timestamp": "2025-03-16T23:34:06.856306Z"}, {"uuid": "b8906c69-c5ad-48fc-be6b-9c183c17d852", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25295", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5pdu7c5s2c", "content": "", "creation_timestamp": "2025-02-14T17:15:53.291744Z"}, {"uuid": "31e7e8dd-e365-414d-999e-f2ebc14eedc3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25295", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li5ud6ferz2z", "content": "", "creation_timestamp": "2025-02-14T18:44:59.106950Z"}, {"uuid": "ca5429f1-443b-4331-9f19-1f62a0509769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003891448459556", "content": "", "creation_timestamp": "2025-02-14T19:28:52.416277Z"}, {"uuid": "dcaffb42-2992-44ac-8a91-a74c4a3d2e59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25297", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003891483235545", "content": "", "creation_timestamp": "2025-02-14T19:28:53.038742Z"}, {"uuid": "bd298f1c-f167-4589-b5da-9f8e69d25d94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25290", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114003936429038682", "content": "", "creation_timestamp": "2025-02-14T19:40:19.588915Z"}, {"uuid": "12bf2f94-437b-42e9-bfa4-fe569111989b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25290", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfulgoq2a", "content": "", "creation_timestamp": "2025-02-14T20:15:57.954277Z"}, {"uuid": "572c6bce-ec99-42cc-a78e-ad65d4430cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfwrfyt2f", "content": "", "creation_timestamp": "2025-02-14T20:16:00.346858Z"}, {"uuid": "15465d82-4ec0-49f3-a2d9-1bba9b2ebf5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25297", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5zfzryra2a", "content": "", "creation_timestamp": "2025-02-14T20:16:03.533379Z"}, {"uuid": "6523aa52-3380-4977-9970-aac09df25aa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25297", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114004204891236343", "content": "", "creation_timestamp": "2025-02-14T20:49:10.575921Z"}, {"uuid": "38ff4b16-66e4-42f4-aadc-3b6e50ce07ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25290", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bzmtubr22", "content": "", "creation_timestamp": "2025-02-14T22:50:11.842762Z"}, {"uuid": "a256f290-5a12-42c1-a97b-79618b0a52ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bzn5k6x2y", "content": "", "creation_timestamp": "2025-02-14T22:50:13.601280Z"}, {"uuid": "50e344b0-8f69-41d9-a980-f38461545aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25297", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li6bznaq7k2v", "content": "", "creation_timestamp": "2025-02-14T22:50:14.182219Z"}, {"uuid": "7b17f8fb-a354-4222-99fd-069c43acc65c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/114154270169549367", "content": "", "creation_timestamp": "2025-03-13T08:52:09.662944Z"}, {"uuid": "2b1607b7-4200-443f-be26-8f8c022058a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/114154270169549367", "content": "", "creation_timestamp": "2025-03-13T08:52:09.744909Z"}, {"uuid": "2d0d4b6f-6b47-4185-ad41-8f1f90c582b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokr7tm7l2u", "content": "", "creation_timestamp": "2025-03-18T20:59:31.428749Z"}, {"uuid": "35cc35c6-78ea-4db4-ab9b-b25189e53956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokuzqx2e2r", "content": "", "creation_timestamp": "2025-03-18T21:01:39.605882Z"}, {"uuid": "a9f6788c-c369-49c6-9803-200b648d8b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokr7tm7l2u", "content": "", "creation_timestamp": "2025-03-18T20:59:31.504117Z"}, {"uuid": "8c7fab92-6d46-4fa5-b384-4252943e471a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokuzqx2e2r", "content": "", "creation_timestamp": "2025-03-18T21:01:39.529975Z"}, {"uuid": "95a147ab-423a-46a9-8640-c32ca1c7c4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154846152927799", "content": "", "creation_timestamp": "2025-03-13T11:18:38.895506Z"}, {"uuid": "ff1f92e6-0f7f-40e7-a7b8-1e0d97ee0cbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154846152927799", "content": "", "creation_timestamp": "2025-03-13T11:18:39.021082Z"}, {"uuid": "41c83989-7851-42e9-978a-6bfad0bde15d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokvurocj2k", "content": "", "creation_timestamp": "2025-03-18T21:02:07.789852Z"}, {"uuid": "456d86e3-dd3b-47e8-b266-16fbda486e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154851252724733", "content": "", "creation_timestamp": "2025-03-13T11:19:56.575543Z"}, {"uuid": "70955c5c-6c72-4a77-b624-caf4fd167175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokvurocj2k", "content": "", "creation_timestamp": "2025-03-18T21:02:07.870130Z"}, {"uuid": "c596b94d-cd52-4a0b-9068-9249d78f2192", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154851252724733", "content": "", "creation_timestamp": "2025-03-13T11:19:56.631399Z"}, {"uuid": "9af34b57-ecda-4a36-a5bd-514896ada847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokxqvjot2k", "content": "", "creation_timestamp": "2025-03-18T21:03:10.942966Z"}, {"uuid": "f5e53a31-716d-4eb8-bc35-bf9a85f9bc0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154867825552089", "content": "", "creation_timestamp": "2025-03-13T11:24:09.228437Z"}, {"uuid": "67cac3eb-d1e3-41e3-9efa-ff3cb1e740a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114154867825552089", "content": "", "creation_timestamp": "2025-03-13T11:24:09.298419Z"}, {"uuid": "567888c2-2fb4-425b-9798-02f394c5f159", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokxqvjot2k", "content": "", "creation_timestamp": "2025-03-18T21:03:11.019487Z"}, {"uuid": "58a68ae8-b0f5-48a0-9042-8ef8a7d4ac9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokyjc4f22u", "content": "", "creation_timestamp": "2025-03-18T21:03:36.252807Z"}, {"uuid": "fc883dc0-b986-4f1a-b57d-2201bb161378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokyjc4f22u", "content": "", "creation_timestamp": "2025-03-18T21:03:36.332597Z"}, {"uuid": "b6630547-1cde-42ee-9d0c-ff8c3bf1858e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25293", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7368", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25293\n\ud83d\udd25 CVSS Score: 6.6 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.\n\ud83d\udccf Published: 2025-03-12T20:11:08.860Z\n\ud83d\udccf Modified: 2025-03-12T20:36:17.830Z\n\ud83d\udd17 References:\n1. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq\n2. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv\n3. https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a\n4. https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1\n5. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4\n6. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "creation_timestamp": "2025-03-12T20:42:28.000000Z"}, {"uuid": "0474a5ed-3358-4ac5-ad0b-f583421eb256", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7376", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25291\n\ud83d\udd25 CVSS Score: 8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.\n\ud83d\udccf Published: 2025-03-12T20:16:12.181Z\n\ud83d\udccf Modified: 2025-03-12T20:24:28.868Z\n\ud83d\udd17 References:\n1. https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm\n2. https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv\n3. https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9\n4. https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97\n5. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4\n6. https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "creation_timestamp": "2025-03-12T20:42:37.000000Z"}, {"uuid": "968d7bab-ac9f-4a99-a4cc-ed39da78c795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/5097", "content": "\u041d\u0430\u0448\u0430 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u0430\u044f \u0440\u0443\u0431\u0440\u0438\u043a\u0430\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c \u0433\u0438\u0442\u043b\u0430\u0431\u0447\u0438\u043a\u0438 \ud83d\udc85\ud83d\udc85\ud83d\udc85\n\nGitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level. These issues have been remediated on GitLab.com, and in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2.\n\nOn GitLab CE/EE instances using SAML authentication, under certain circumstances, an attacker with access to a valid signed SAML document from the IdP could authenticate as another valid user within the environment's SAML IdP.\n\nSelf Managed GitLab: Known Mitigations\n\nAffected customers who cannot immediately update GitLab CE/EE to address these issues may choose to perform the following mitigation steps:\n\nNote: This vulnerability requires the attacker to have compromised a valid user account to perform the authentication bypass.\n\n- Enable GitLab two-factor authentication for all user accounts on the GitLab self-managed instance (NOTE: Enabling identity provider multi-factor authentication does not mitigate this vulnerability) and\n\n- Do not allow the SAML two-factor bypass option in GitLab and\n\n- Require admin approval for automatically created new users (gitlab_rails['omniauth_block_auto_created_users'] = true)\n\nhttps://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/", "creation_timestamp": "2025-03-13T06:45:02.000000Z"}, {"uuid": "335b3af9-83bd-48bd-8f8d-43a851a79397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25294", "type": "seen", "source": "https://t.me/cvedetector/19739", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25294 - Envoy Gateway JSON Log Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25294 \nPublished : March 6, 2025, 7:15 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to the access log. This vulnerability is fixed in 1.3.1 and 1.2.7. One can overwrite the old text based default format with JSON formatter by modifying the \"EnvoyProxy.spec.telemetry.accessLog\" setting. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"06 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-06T22:12:23.000000Z"}, {"uuid": "02451301-d842-46a1-9742-fd7c9eed9006", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "published-proof-of-concept", "source": "Telegram/g_F7ts86Wf9TVkGvhLC4v8MUhSfefkchbq2qIDNQ61DvbUA", "content": "", "creation_timestamp": "2025-03-01T16:00:14.000000Z"}, {"uuid": "5062e271-0d22-43a9-8325-e1ba8d3c5251", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/dimaiosdev.bsky.social/post/3lkdbeyncf22c", "content": "", "creation_timestamp": "2025-03-14T09:12:21.887881Z"}, {"uuid": "25017d8b-3235-48ee-a50a-1e3d5e1c31ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/dimaiosdev.bsky.social/post/3lkdbeyncf22c", "content": "", "creation_timestamp": "2025-03-14T09:12:21.970246Z"}, {"uuid": "f40f337b-2f8e-4ac4-b562-0e3ad2d9ca3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaabxl23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.070478Z"}, {"uuid": "9d2cc90e-8fba-465a-844c-d8e61db44e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaabxl23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.166085Z"}, {"uuid": "9ebb07bf-e637-472f-882e-9645b796148d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaevd23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.676929Z"}, {"uuid": "c9db5584-1cb1-41f3-8c18-b5ab413a3da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaful23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.268284Z"}, {"uuid": "14ac2148-1ef7-4ec2-bec7-f256ccc7231b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafum23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.831831Z"}, {"uuid": "55d4620f-d54e-4f09-b414-079be80192d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaevd23", "content": "", "creation_timestamp": "2025-03-15T06:09:33.755477Z"}, {"uuid": "e180fcfc-4db3-4665-b80e-50322cf30804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaaful23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.350189Z"}, {"uuid": "3f8cbcb7-0d13-468e-b225-0f945375d0cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafum23", "content": "", "creation_timestamp": "2025-03-15T06:09:34.911598Z"}, {"uuid": "e2d0a1a2-26c1-43f3-b096-ec8d151c0e37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafun23", "content": "", "creation_timestamp": "2025-03-15T06:09:35.423313Z"}, {"uuid": "be5c76ee-6802-45a5-8ec0-8140022c8864", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/saveam.bsky.social/post/3lkfhdaafun23", "content": "", "creation_timestamp": "2025-03-15T06:09:35.501231Z"}, {"uuid": "3151f7e4-b643-40d7-b670-70129e32343e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokpweols2m", "content": "", "creation_timestamp": "2025-03-18T20:58:48.105232Z"}, {"uuid": "35274da9-a9d9-4323-abe3-2c35518de588", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokpweols2m", "content": "", "creation_timestamp": "2025-03-18T20:58:48.188575Z"}, {"uuid": "12e2b3d2-88b3-492e-b059-ac3c2f54e776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokqdygp32r", "content": "", "creation_timestamp": "2025-03-18T20:59:06.216653Z"}, {"uuid": "c09423c2-f348-4605-826e-fe2c4d2ee970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkokqdygp32r", "content": "", "creation_timestamp": "2025-03-18T20:59:06.302497Z"}, {"uuid": "bf3a54a6-462b-456c-8247-7678e1f3fea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lkomemcicw2k", "content": "", "creation_timestamp": "2025-03-18T21:28:16.210942Z"}, {"uuid": "2e92ad91-9095-4e0e-8a26-f95fb3a34dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25293", "type": "seen", "source": "MISP/682bdba3-46b7-4a8f-b7be-c6bf4b4f9868", "content": "", "creation_timestamp": "2025-08-13T13:26:34.000000Z"}, {"uuid": "84af3b9f-2f00-475e-8dba-a76f15019f08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m7ljpqhxj225", "content": "", "creation_timestamp": "2025-12-09T21:51:55.557434Z"}, {"uuid": "2f4fe5fa-4828-4dc5-9b72-d66af34e7bb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25299", "type": "seen", "source": "https://t.me/cvedetector/18602", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25299 - CKEditor 5 Real-Time Collaboration Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25299 \nPublished : Feb. 20, 2025, 8:15 p.m. | 1\u00a0hour, 23\u00a0minutes ago \nDescription : CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within the document. It can lead to unauthorized JavaScript code execution, which might happen with a very specific editor and token endpoint configuration. This vulnerability affects only installations with Real-time collaborative editing enabled. The problem has been recognized and patched. The fix is available in version 44.2.1 (and above). Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T23:12:09.000000Z"}, {"uuid": "5353f89b-5aa4-44dd-b7ce-0db324d04ed9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25294", "type": "seen", "source": "Telegram/gFgc_m98whrEiaktviwszW_cDOTvbwgrI0O3I5rQz-NNH2hD", "content": "", "creation_timestamp": "2025-03-08T04:34:11.000000Z"}, {"uuid": "f0f8a3d8-3af2-49b6-b4b3-700ecc345ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/16146", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aProof of Concept (POC) for the CVE-2025-25296 vulnerability affecting Label Studio versions prior to 1.16.0\nURL\uff1ahttps://github.com/math-x-io/CVE-2025-25296-POC\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-01T02:12:08.000000Z"}, {"uuid": "2770dcd5-64e4-47fa-ad48-87d6b283dd7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25290", "type": "seen", "source": "https://t.me/cvedetector/18144", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25290 - GitHub Octokit Regular Expression Denial of Service (ReDoS)\", \n  \"Content\": \"CVE ID : CVE-2025-25290 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : @octokit/request sends parameterized requests to GitHub\u2019s APIs with sensible defaults in browsers and Node. Starting in version 1.0.0 and prior to version 9.2.1, the regular expression `/<([^]+)>; rel=\"deprecation\"/` used to match the `link` header in HTTP responses is vulnerable to a ReDoS (Regular Expression Denial of Service) attack. This vulnerability arises due to the unbounded nature of the regex's matching behavior, which can lead to catastrophic backtracking when processing specially crafted input. An attacker could exploit this flaw by sending a malicious `link` header, resulting in excessive CPU usage and potentially causing the server to become unresponsive, impacting service availability. Version 9.2.1 fixes the issue. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:43.000000Z"}, {"uuid": "db674fac-2cfe-4ce8-900e-683eb318e815", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25296", "type": "seen", "source": "https://t.me/cvedetector/18140", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25296 - Label Studio Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25296 \nPublished : Feb. 14, 2025, 8:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's `/projects/upload-example` endpoint allows injection of arbitrary HTML through a `GET` request with an appropriately crafted `label_config` query parameter. By crafting a specially formatted XML label config with inline task data containing malicious HTML/JavaScript, an attacker can achieve Cross-Site Scripting (XSS). While the application has a Content Security Policy (CSP), it is only set in report-only mode, making it ineffective at preventing script execution. The vulnerability exists because the upload-example endpoint renders user-provided HTML content without proper sanitization on a GET request. This allows attackers to inject and execute arbitrary JavaScript in victims' browsers by getting them to visit a maliciously crafted URL. This is considered vulnerable because it enables attackers to execute JavaScript in victims' contexts, potentially allowing theft of sensitive data, session hijacking, or other malicious actions. Version 1.16.0 contains a patch for the issue. \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-15T00:08:40.000000Z"}, {"uuid": "7d516201-f8f9-4158-9a42-b3a13170fd7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25295", "type": "seen", "source": "https://t.me/cvedetector/18127", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25295 - Label Studio Path Traversal File Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-25295 \nPublished : Feb. 14, 2025, 5:15 p.m. | 1\u00a0hour, 2\u00a0minutes ago \nDescription : Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-14T19:57:02.000000Z"}, {"uuid": "0d796a8e-e457-4f22-a23b-56b3ef6fd5a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/itsec_news/5499", "content": "\u200b\u26a1\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u0435 ruby-saml \u043d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u043e: \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0433\u0440\u043e\u0436\u0430\u044e\u0442 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\ud83d\udcac \u0412 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 ruby-saml, \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u043d\u043e\u0439 \u0434\u043b\u044f \u0440\u0430\u0431\u043e\u0442\u044b \u0441 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c Security Assertion Markup Language (SAML), \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u042d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0443\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u0438 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\nSAML \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0434\u0430\u0447\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043c\u0435\u0436\u0434\u0443 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u0441\u0435\u0440\u0432\u0438\u0441\u0430\u043c\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0435\u0434\u0438\u043d\u043e\u0436\u0434\u044b \u0432\u0445\u043e\u0434\u0438\u0442\u044c \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 (SSO) \u0438 \u043f\u043e\u043b\u0443\u0447\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c \u0431\u0435\u0437 \u043f\u043e\u0432\u0442\u043e\u0440\u043d\u043e\u0433\u043e \u0432\u0432\u043e\u0434\u0430 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041e\u0434\u043d\u0430\u043a\u043e \u0432 \u043a\u043e\u0434\u0435 ruby-saml \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0442 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u043c \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0414\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b CVE-2025-25291 \u0438 CVE-2025-25292 , \u0438\u043c\u0435\u044e\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 CVSS \u2014 8.8 \u0438\u0437 10. \u041e\u043d\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u043c\u043b\u0430\u0434\u0448\u0435 1.12.4, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 \u043e\u0442 1.13.0 \u0434\u043e 1.18.0 (\u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e).\n\n\u041f\u0440\u0438\u0447\u0438\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043a\u0440\u043e\u0435\u0442\u0441\u044f \u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u0438\u044f\u0445 \u043c\u0435\u0436\u0434\u0443 \u043f\u0430\u0440\u0441\u0435\u0440\u0430\u043c\u0438 XML REXML \u0438 Nokogiri, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043f\u043e-\u0440\u0430\u0437\u043d\u043e\u043c\u0443 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0438\u0440\u0443\u044e\u0442 \u043e\u0434\u0438\u043d \u0438 \u0442\u043e\u0442 \u0436\u0435 XML-\u043a\u043e\u0434. \u042d\u0442\u043e \u0440\u0430\u0441\u0445\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0430\u0442\u0430\u043a\u0438 Signature Wrapping, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u0432\u044b\u044f\u0432\u0438\u043b\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2024 \u0433\u043e\u0434\u0430. \u0421\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0438, \u0447\u0442\u043e \u044d\u0442\u0438 \u043e\u0448\u0438\u0431\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0437\u0430\u0445\u0432\u0430\u0442\u0443 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u0410\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435, \u043e\u0431\u043b\u0430\u0434\u0430\u044f \u043e\u0434\u043d\u043e\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u044c\u044e, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043b\u044e\u0447\u0430, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438\u043b\u0438 \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0439, \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c SAML-\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0438 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.12.4 \u0438 1.18.0 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 \u0435\u0449\u0451 \u043e\u0434\u043d\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 ( CVE-2025-25293 , CVSS 7.7), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u043a\u0430\u0437\u043e\u043c \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 (DoS). \u041e\u043d\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0436\u0430\u0442\u044b\u0445 SAML-\u043e\u0442\u0432\u0435\u0442\u043e\u0432 \u0438 \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043b\u044f \u0434\u0435\u0441\u0442\u0430\u0431\u0438\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0440\u0430\u0431\u043e\u0442\u044b \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u0432.\n\n\u041b\u0430\u0431\u043e\u0440\u0430\u0442\u043e\u0440\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 GitHub \u043e\u0442\u043c\u0435\u0447\u0430\u0435\u0442, \u0447\u0442\u043e \u043a\u043e\u0440\u0435\u043d\u044c \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u2014 \u043d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0435 \u043c\u0435\u0436\u0434\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0445\u0435\u0448\u0430 \u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u0447\u0442\u043e \u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u043b\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0440\u0430\u0437\u043d\u0438\u0446\u0443 \u0432 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 XML-\u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u044e\u0442 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c ruby-saml \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0440\u0438\u0441\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439. \u0420\u0430\u043d\u0435\u0435, \u0432 2024 \u0433\u043e\u0434\u0443, GitLab \u0438 ruby-saml \u0443\u0436\u0435 \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0431\u0430\u0433 ( CVE-2024-45409 , CVSS 10.0), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u044b \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2025-03-15T14:47:01.000000Z"}, {"uuid": "e2d17c83-b5c7-4de1-b678-7da84c74b87f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25292", "type": "seen", "source": "https://t.me/ton618cyber/8022", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:04.000000Z"}, {"uuid": "5bbe3a0c-dfbf-4cc6-bd48-701cfc8c9f1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25291", "type": "seen", "source": "https://t.me/ton618cyber/8022", "content": "GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks\n\nruby-saml vulnerabilities (CVE-2025-25291, CVE-2025-25292) allow SAML authentication bypass (CVSS 8.8). Update to versions 1.12.4 or 1.18.0 now.\n\nThe Hacker News | thehackernews.com \u2022 Mar 13, 2025", "creation_timestamp": "2025-03-25T00:46:04.000000Z"}]}