Ruby-saml Auth Bypass via Signature Wrapping (before 1.12.4/1.18.0)
CVE-2025-25292 Published on March 12, 2025
Ruby SAML vulnerable to SAML authentication bypass due to namespace handling (parser differential)
ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. REXML and Nokogiri parse XML differently, so the two parsers can generate entirely different document structures from the same XML input. This allows an attacker to execute a Signature Wrapping attack, which may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
Weakness Types
Improper Verification of Cryptographic Signature
The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state. This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to behave.
Products Associated with CVE-2025-25292
Affected Versions
SAML-Toolkits ruby-saml:
- Version < 1.12.4 is affected.
- Version >= 1.13.0, < 1.18.0 is affected.
Vulnerable Packages
The following package names and versions may be associated with CVE-2025-25292:
| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| rubygems | ruby-saml | < 1.18.0 | 1.18.0 |
| rubygems | ruby-saml | < 1.12.4 | 1.12.4 |
| rubygems | ruby-saml | >= 1.13.0, < 1.18.0 | 1.18.0 |
| rubygems | omniauth-saml | < 1.10.6 | 1.10.6 |
| rubygems | omniauth-saml | >= 2.0.0, < 2.1.3 | 2.1.3 |
| rubygems | omniauth-saml | >= 2.2.0, < 2.2.3 | 2.2.3 |
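To check a project against these ranges, the following added example (not code from ruby-saml or from this page's publisher) scans the resolved `specs:` entries of a `Gemfile.lock` and reports any ruby-saml or omniauth-saml version that falls in an affected range. The ruby-saml ranges follow the Affected Versions list above; the function name `affected_gems` and the sample lockfile are constructed for illustration.

```ruby
# Affected ranges copied from this page (ruby-saml per "Affected Versions").
AFFECTED = {
  "ruby-saml" => [
    { range: ["< 1.12.4"], fixed: "1.12.4" },
    { range: [">= 1.13.0", "< 1.18.0"], fixed: "1.18.0" },
  ],
  "omniauth-saml" => [
    { range: ["< 1.10.6"], fixed: "1.10.6" },
    { range: [">= 2.0.0", "< 2.1.3"], fixed: "2.1.3" },
    { range: [">= 2.2.0", "< 2.2.3"], fixed: "2.2.3" },
  ],
}.freeze

# Resolved gems sit at exactly four spaces of indent, e.g. "    ruby-saml (1.17.0)".
# Their dependency constraints are indented six spaces and are skipped.
SPEC_LINE = /\A {4}([A-Za-z0-9_.-]+) \(([^)\s]+)\)\s*\z/

def affected_gems(lockfile_text)
  findings = []
  lockfile_text.each_line do |line|
    m = SPEC_LINE.match(line.chomp) or next
    name, raw = m[1], m[2]
    next unless AFFECTED.key?(name)
    # Platform suffixes such as "1.2.3-x86_64-linux" are not part of the version.
    version_str = raw.split("-").first
    next unless Gem::Version.correct?(version_str)
    version = Gem::Version.new(version_str)
    hit = AFFECTED[name].find { |e| Gem::Requirement.new(*e[:range]).satisfied_by?(version) }
    findings << { gem: name, version: version.to_s, fixed_in: hit[:fixed] } if hit
  end
  findings
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.1.0)
        ruby-saml (~> 1.17)
      rexml (3.4.1)
      ruby-saml (1.17.0)

  DEPENDENCIES
    omniauth-saml
LOCK

affected_gems(SAMPLE_LOCK).each { |f| puts "#{f[:gem]} #{f[:version]}: upgrade to #{f[:fixed_in]}" }
```

Because omniauth-saml pulls in ruby-saml as a dependency, a lockfile can list ruby-saml even when the Gemfile never names it, which is why the check reads the resolved `specs:` entries rather than the `DEPENDENCIES` section.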
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.