Vulnerability in Saml-toolkits Ruby-saml
CVE-2025-66568
The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformati…
EPSS: 0.002 (10.8th percentile)
Affected products
- Saml-toolkits Ruby-saml — versions < 1.18.0