N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-5j8p-438x-rgg5

GHSA-5j8p-438x-rgg5: SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

Summary

There is a critical vulnerability on xmlseclibs CVE-2025-66475, a dependency of php-saml

Update to the following versions of php-saml which forces the use of patched versions of xmlseclibs:

Impact

Signature Wrapping Vulnerabilities allows an attacker to impersonate a user.

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-5j8p-438x-rgg5

GHSA-5j8p-438x-rgg5:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
onelogin/php-saml	composer	< 2.21.1	2.21.1
onelogin/php-saml	composer	>= 3.0.0, < 3.8.1	3.8.1
onelogin/php-saml	composer	>= 4.0.0, < 4.3.1	4.3.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-5j8p-438x-rgg5: SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

GHSA-5j8p-438x-rgg5:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

GHSA-5j8p-438x-rgg5: SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475

N/A

N/A

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI