Auth bypass in Mendix SAML
CVE-2023-25957
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All ver…
EPSS score: 0.006 (43.4th percentile).
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Mendix SAML
- Siemens Mendix SAML (Mendix 7 compatible): all versions >= V1.16.4 and < V1.17.3
- Siemens Mendix SAML (Mendix 8 compatible): all versions >= V2.2.0 and < V2.3.0
- Siemens Mendix SAML (Mendix 9.6 compatible, New Track): all versions >= V3.1.9 and < V3.2.7
- Siemens Mendix SAML (Mendix 9.6 compatible, Upgrade Track): all versions >= V3.1.8 and < V3.2.6
- Siemens Mendix SAML (Mendix 9 latest compatible, New Track): all versions >= V3.1.9 and < V3.3.1
- Siemens Mendix SAML (Mendix 9 latest compatible, Upgrade Track): all versions >= V3.1.8 and < V3.3.0
Weakness classification (CWE)
- CWE-303: Incorrect Implementation of Authentication Algorithm
References
- Siemens ProductCERT advisory, reported via productcert@siemens.com (Third Party Advisory)
Frequently asked questions
- What is CVE-2023-25957?
- CVE-2023-25957 is a critical-severity authentication bypass in the Mendix SAML module, classified as Incorrect Implementation of Authentication Algorithm (CWE-303). CVSS v3.1 base score: 9.1/10. Published 2023-03-14.
- How severe is CVE-2023-25957?
- Critical severity. CVSS v3 base score is 9.1 out of 10.
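The advisory names the weakness class (an incorrectly implemented authentication algorithm in a SAML service provider) but not the mechanics of the flaw. As an added example, not the Mendix module's code and not derived from the Siemens advisory, the following shows the checks a SAML service provider must perform before it accepts an assertion, each returning a distinct rejection reason. The IdP entity ID, SP entity ID, request ID and key are hypothetical; HMAC-SHA256 over the canonicalized assertion stands in for XML-DSig only because the Python standard library has no RSA, so the signature step is a simplification of the real algorithm, not a reimplementation of it. The build_assertion helper constructs test input the way an IdP would.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "ds": DS}
ET.register_namespace("saml", SAML)
ET.register_namespace("ds", DS)

IDP_ISSUER = "https://idp.example.test/metadata"  # hypothetical IdP entity ID
SP_AUDIENCE = "https://app.example.test/sp"       # hypothetical SP entity ID
IDP_KEY = b"constructed-demo-key"                 # stand-in for the IdP signing certificate


def _signing_input(assertion):
    """C14N of the assertion with <ds:Signature> removed: the bytes the MAC covers."""
    clone = copy.deepcopy(assertion)
    for sig in clone.findall("ds:Signature", NS):
        clone.remove(sig)
    return ET.canonicalize(ET.tostring(clone, encoding="unicode"), strip_text=True).encode()


def _parse_time(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def build_assertion(name_id, *, issuer=IDP_ISSUER, audience=SP_AUDIENCE,
                    in_response_to="_req1", assertion_id="_a1",
                    valid_for=300, sign=True, key=IDP_KEY):
    """Constructed IdP-side helper (test input only). Validity window is
    now-60s .. now+valid_for, so a negative valid_for yields an expired assertion."""
    now = datetime.now(timezone.utc)
    not_before = (now - timedelta(seconds=60)).isoformat()
    not_on_or_after = (now + timedelta(seconds=valid_for)).isoformat()
    xml = f"""<saml:Assertion xmlns:saml="{SAML}" ID="{assertion_id}" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject>
    <saml:NameID>{name_id}</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="{in_response_to}" NotOnOrAfter="{not_on_or_after}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
    root = ET.fromstring(xml)
    if sign:
        mac = hmac.new(key, _signing_input(root), hashlib.sha256).digest()
        sig = ET.SubElement(root, f"{{{DS}}}Signature")
        ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")


def validate_assertion(xml, *, expected_request_id, seen_ids, key=IDP_KEY, now=None):
    """Service-provider checks. Returns (accepted, subject NameID or reason).
    The signature is verified first, so nothing below trusts unsigned XML."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAML}}}Assertion":
        return False, "not an Assertion"
    # 1. Signature must exist, decode, and match over the canonical assertion.
    sig = root.find("ds:Signature/ds:SignatureValue", NS)
    if sig is None or not sig.text:
        return False, "unsigned assertion"
    try:
        given = base64.b64decode(sig.text, validate=True)
    except ValueError:
        return False, "malformed signature"
    expected = hmac.new(key, _signing_input(root), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    # 2. Issuer must be the configured IdP, not whatever the XML claims.
    if root.findtext("saml:Issuer", default="", namespaces=NS).strip() != IDP_ISSUER:
        return False, "unexpected issuer"
    # 3. Validity window and audience from <saml:Conditions>.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "missing Conditions"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _parse_time(not_before):
        return False, "assertion not yet valid"
    if not not_on_or_after or now >= _parse_time(not_on_or_after):
        return False, "assertion expired"
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if SP_AUDIENCE not in audiences:
        return False, "audience mismatch"
    # 4. Bearer confirmation must be bound to the AuthnRequest this SP actually sent.
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != expected_request_id:
        return False, "InResponseTo mismatch"
    if not scd.get("NotOnOrAfter") or now >= _parse_time(scd.get("NotOnOrAfter")):
        return False, "subject confirmation expired"
    # 5. Replay: each assertion ID is accepted once within its lifetime.
    assertion_id = root.get("ID")
    if not assertion_id or assertion_id in seen_ids:
        return False, "replayed assertion"
    seen_ids.add(assertion_id)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        return False, "missing NameID"
    return True, name_id
```

The order matters: the signature is checked over the element that carries the authentication statement before any of its content is read, and every later check compares against values the SP configured or generated itself (issuer, audience, request ID) rather than values taken from the assertion. Swapping that order, or reading the NameID from a copy of the element other than the signed one, is the shape an incorrect authentication algorithm usually takes in SAML service providers.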