Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

The Hacker News by The Hacker News
March 13, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Mar 13, 2025Ravie LakshmananAuthentication / Vulnerability

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.

SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows individuals to use a single set of credentials to access multiple sites, services, and apps.

The vulnerabilities, tracked as CVE-2025-25291 and CVE-2025-25292, carry a CVSS score of 8.8 out of 10.0. They affect the following versions of the library –

  • < 1.12.4
  • >= 1.13.0, < 1.18.0

Both the shortcomings stem from how both REXML and Nokogiri parse XML differently, causing the two parsers to generate entirely different document structures from the same XML input

This parser differential allows an attacker to be able to execute a Signature Wrapping attack, leading to an authentication bypass. The vulnerabilities have been addressed in ruby-saml versions 1.12.4 and 1.18.0.

Cybersecurity

Microsoft-owned GitHub, which discovered and reported the flaws in November 2024, said they could be abused by malicious actors to conduct account takeover attacks.

“Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user,” GitHub Security Lab researcher Peter Stöckli said in a post.

The Microsoft-owned subsidiary also noted that the issue boils down to a “disconnect” between verification of the hash and verification of the signature, opening the door to exploitation via a parser differential.

Versions 1.12.4 and 1.18.0 also plug a remote denial-of-service (DoS) flaw when handling compressed SAML responses (CVE-2025-25293, CVSS score: 7.7). Users are recommended to update to the latest version to safeguard against potential threats.

The findings come nearly six months after GitLab and ruby-saml moved to address another critical vulnerability (CVE-2024-45409, CVSS score: 10.0) that could also result in an authentication bypass.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Snowflake Extends Anomalo Strategic Alliance With Financial Investment

Snowflake Extends Anomalo Strategic Alliance With Financial Investment

Recommended.

[MWC 2026] GSMA zverejnila špecifikáciu používateľského zážitku pre natívne AI aplikácie na telefonovanie

[MWC 2026] GSMA zverejnila špecifikáciu používateľského zážitku pre natívne AI aplikácie na telefonovanie

March 12, 2026
Employers target engineers with LLM skills

Employers target engineers with LLM skills

March 20, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio