Bundle - Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Created on 2025-03-13 05:57, updated on 2025-03-13 05:57, by Cédric Bonhomme

Description

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. More information: https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Vulnerabilities included in this bundle

CVE-2024-45409:
CVE-2025-25292:
CVE-2024-9487:
CVE-2025-25291:

Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings

Author	Vulnerability	Source	Type	Date

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0

Description

Vulnerabilities included in this bundle

Meta

Combined detection rules

Combined sightings