Vulnerability in Saml-toolkits Ruby-saml

CVE-2025-66567

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri…

EPSS: 0.004 (29.9th percentile) — read the EPSS interpretation.

Affected products

Saml-toolkits Ruby-saml — versions < 1.18.0

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3 (x_refsource_CONFIRM)
https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (x_refsource_MISC)
https://github.com/advisories/GHSA-754f-8gm6-c4r2 (x_refsource_MISC)