Vulnerability in Node-saml Xml-crypto

CVE-2025-29775

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that…

EPSS: 0.094 (94.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-29775?
CVE-2025-29775 is a vulnerability in Node-saml Xml-crypto, classified under Improper Verification of Cryptographic Signature. Published 2025-03-14.
Is CVE-2025-29775 known to be exploited?
11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.