Vulnerability in Node-saml Xml-crypto
CVE-2025-29775
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that…
EPSS: 0.094 (94.8th percentile)
Affected products
- Node-saml Xml-crypto, versions:
  - >= 4.0.0, < 6.0.1
  - >= 3.0.0, < 3.2.1
  - < 2.1.6
Frequently asked questions
- What is CVE-2025-29775?
  CVE-2025-29775 is a vulnerability in Node-saml Xml-crypto, classified under Improper Verification of Cryptographic Signature. Published 2025-03-14.
- Is CVE-2025-29775 known to be exploited?
  11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.