The vulnerability enables attackers to execute sophisticated signature wrapping attacks and completely circumvent SAML authentication, posing severe security risks to organizations that rely on this widely used authentication protocol.
The flaw, tracked as CVE-2025-25293 (also related to the incomplete fix for CVE-2025-25292), stems from differences in XML parsing behavior between the ReXML and Nokogiri libraries.
These two XML parsers can generate entirely different document structures from the same XML input, creating a critical security gap that attackers can exploit.
The vulnerability exists because the fix for CVE-2025-25292 was incomplete, demonstrating how partial remediation can leave systems exposed to determined threat actors.
By leveraging the parser differential behavior, attackers can craft malicious SAML responses that bypass signature validation and authentication controls, effectively gaining unauthorized access to protected systems.
This authentication-bypass vulnerability is critical for any organization using Ruby SAML versions before 1.18.0.
Because signature wrapping lets an attacker forge valid-looking SAML responses without legitimate credentials, a successful attack can yield unauthorized access to applications and services protected by SAML single sign-on, potential privilege escalation, and compromise of multi-factor authentication implementations that rely on SAML infrastructure.
The vulnerability affects all Ruby SAML versions below 1.18.0, creating a substantial attack surface across numerous enterprise deployments that depend on this library for identity federation and authentication.
The SAML-Toolkits development team has released version 1.18.0, which addresses this vulnerability. Organizations should immediately upgrade to Ruby SAML 1.18.0 or later to eliminate the authentication bypass risk.
The fix addresses the underlying parser differential issue that enabled the signature wrapping attack.
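The parser differential described above matters because a SAML consumer can end up verifying a signature over one view of the document while consuming an Assertion from another. As an added illustration (not Ruby SAML's own code, and not the project's fix), the following REXML-only check shows the kind of structural consistency a consumer should enforce after parsing: the element a Signature references must be the one and only element carrying that ID, and it must be the very Assertion being consumed. The class name, the constructed sample documents and the omitted cryptographic verification are assumptions of this example.

```ruby
require 'rexml/document'
require 'rexml/xpath'
# Added defensive check, not Ruby SAML's own code: before trusting an Assertion,
# confirm the element the Signature references is the one and only element with
# that ID and is the very Assertion being consumed. Verifying the signature
# bytes themselves is out of scope here.
class SignedAssertionCheck
  NS = { 'ds' => 'http://www.w3.org/2000/09/xmldsig#',
         'saml' => 'urn:oasis:names:tc:SAML:2.0:assertion' }.freeze
  class Mismatch < StandardError; end

  def initialize(xml)
    @doc = REXML::Document.new(xml)
  end

  # Returns the single signed Assertion element, or raises Mismatch.
  def signed_assertion
    refs = REXML::XPath.match(@doc, '//ds:Signature/ds:SignedInfo/ds:Reference', NS)
    raise Mismatch, 'expected exactly one ds:Reference' unless refs.size == 1
    uri = refs.first.attributes['URI'].to_s
    raise Mismatch, 'only same-document #ID references accepted' unless uri.start_with?('#')
    id = uri[1..]

    # Every element claiming this ID, anywhere in the tree, not just the first hit.
    targets = REXML::XPath.match(@doc, '//*[@ID]').select { |e| e.attributes['ID'] == id }
    raise Mismatch, "ID #{id} occurs #{targets.size} times, expected 1" unless targets.size == 1

    assertions = REXML::XPath.match(@doc, '//saml:Assertion', NS)
    raise Mismatch, 'expected exactly one saml:Assertion' unless assertions.size == 1
    assertion = assertions.first
    raise Mismatch, 'signed element is not the consumed Assertion' unless targets.first.equal?(assertion)

    signature = refs.first.parent.parent # Reference -> SignedInfo -> Signature
    raise Mismatch, 'Signature must be enveloped in the Assertion' unless signature.parent.equal?(assertion)
    assertion
  end
end

# Constructed sample: a sound enveloped-signature layout (SignatureValue omitted).
BENIGN = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <saml:Assertion ID="_a1"><saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
      <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    </saml:Assertion>
  </samlp:Response>
XML
# Constructed counter-sample: a second element reusing the same ID must be rejected.
DUPLICATE_ID = BENIGN.sub('</samlp:Response>', '<saml:Assertion ID="_a1"/></samlp:Response>')
```

The check is only as good as the tree it runs on: if verification and consumption use different parsers, as the differential here describes, the same logic must be applied to the tree the consumer actually reads from.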
The post Critical Ruby SAML Flaw Allows Attackers to Bypass Authentication appeared first on Cyber Security News.