Mendix SAML: Sig Validation Bypass (<V4.0.3)
CVE-2025-40758 Published on August 14, 2025

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.

NVD

Weakness Type

Improper Verification of Cryptographic Signature

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Versions

Siemens Mendix SAML (Mendix 10.12 compatible):

Before V4.0.3 is affected.

Siemens Mendix SAML (Mendix 10.21 compatible):

Before V4.1.2 is affected.

Siemens Mendix SAML (Mendix 9.24 compatible):

Before V3.6.21 is affected.

Exploit Probability

EPSS

0.02%

Percentile

6.01%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Mendix SAML: Sig Validation Bypass (<V4.0.3)CVE-2025-40758 Published on August 14, 2025

Weakness Type

Improper Verification of Cryptographic Signature

Affected Versions

Exploit Probability

Mendix SAML: Sig Validation Bypass (<V4.0.3)
CVE-2025-40758 Published on August 14, 2025