→

CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary

An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack.

Impact

This issue may lead to authentication bypass.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-25292

CVE-2025-25292:

9.3

CVSS Score

4.0

-

CVSS Score

-

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
ruby-saml	rubygems	>= 1.13.0, < 1.18.0	1.18.0
ruby-saml	rubygems	< 1.12.4	1.12.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from inconsistent XML parsing between REXML and Nokogiri. The valid_saml? method in SamlMessage lacked proper malformed XML checks (via check_malformed_doc), allowing attackers to craft documents parsed differently by the two libraries. In XMLSecurity::BaseDocument, signature validation used REXML for element selection but Nokogiri for canonicalization, creating a mismatch between what was verified and what was actually signed. The patches introduced XMLSecurity::BaseDocument.safe_load_xml with strict parsing rules and check_malformed_doc flags to enforce consistent parsing, confirming these were the vulnerable points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary

Impact

CVE-2025-25292:

9.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary

Impact

9.3

9.3

9.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary

Impact

CVE-2025-25292:

9.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

CVE-2025-25292: Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)

Summary

Impact

9.3

9.3

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI