Critical Authentication Bypass in ruby-saml
2025-03-15

Researchers at GitHub Security Lab discovered two critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) in the ruby-saml library. An attacker holding a single valid signature can forge SAML assertions and take over accounts by logging in as any user. The root cause is ruby-saml's use of two different XML parsers (REXML and Nokogiri) during verification, which creates a parser differential: the two parsers can disagree about which part of the document was signed. Version 1.18.0 fixes both vulnerabilities; all users are urged to update immediately.
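The defensive principle behind a parser-differential bug is that the element whose digest is checked must be the very same element object the application later reads identity from, resolved by one parser, with ambiguous IDs rejected. The following added example (written for this page, not ruby-saml's own code and not the patched code in 1.18.0) shows that principle in a deliberately simplified verifier built only on REXML. Its assumptions: no XML namespaces, SHA-256 over REXML's own serialization in place of a C14N transform, the Signature placed as a sibling of the Assertion rather than enveloped inside it, and the RSA check of SignedInfo against the IdP key left out; the `SingleParserSaml` module, its methods and the sample Response are all constructed for illustration.

```ruby
require 'rexml/document'
require 'digest'
require 'base64'

# Added example, not ruby-saml code. A simplified verifier that uses ONE parser
# (REXML) for every step, so no second parser can hold a different view of the
# document:
#   1. find the Signature's Reference and the ID it points at,
#   2. require that ID to resolve to exactly one element,
#   3. check the digest over that element,
#   4. read the NameID from that same element object.
# Assumptions (not real XML-DSig): no namespaces, SHA-256 over REXML's own
# serialization instead of a C14N transform, Signature as a sibling of the
# Assertion, and no RSA check of SignedInfo against the IdP key.
module SingleParserSaml
  class VerificationError < StandardError; end

  # Collect every element in the document whose ID attribute equals +id+.
  def self.elements_with_id(doc, id)
    found = []
    found << doc.root if doc.root.attributes['ID'] == id
    doc.root.each_recursive { |e| found << e if e.attributes['ID'] == id }
    found
  end

  # Digest used by the verifier and by sample_response to build valid input.
  def self.digest_b64(element)
    Base64.strict_encode64(Digest::SHA256.digest(element.to_s))
  end

  # Returns the NameID of the verified assertion, or raises VerificationError.
  def self.verified_name_id(xml)
    doc = REXML::Document.new(xml)
    ref = REXML::XPath.first(doc, '//Reference')
    raise VerificationError, 'no Reference in Signature' unless ref

    uri = ref.attributes['URI'].to_s
    raise VerificationError, 'only same-document references are accepted' unless uri.start_with?('#')
    id = uri[1..]

    # An ambiguous ID is rejected outright: two parsers, or two separate
    # lookups, could otherwise pick different elements for the same ID.
    matches = elements_with_id(doc, id)
    raise VerificationError, "ID #{id.inspect} matches #{matches.size} elements" unless matches.size == 1
    signed = matches.first

    expected = REXML::XPath.first(ref, 'DigestValue')&.text.to_s.strip
    raise VerificationError, 'digest mismatch' unless digest_b64(signed) == expected

    # Identity is read from the very element whose digest just verified.
    name_id = REXML::XPath.first(signed, './/NameID')
    raise VerificationError, 'no NameID inside signed element' unless name_id
    name_id.text
  end

  # Constructed sample Response whose DigestValue matches +assertion_xml+;
  # +extra+ lets a test drop additional elements next to the signed one.
  def self.sample_response(assertion_xml, extra: '')
    digest = digest_b64(REXML::Document.new(assertion_xml).root)
    <<~XML
      <Response>
        <Signature><SignedInfo><Reference URI="#a1"><DigestValue>#{digest}</DigestValue></Reference></SignedInfo></Signature>
        #{extra}
        #{assertion_xml}
      </Response>
    XML
  end
end

if $PROGRAM_NAME == __FILE__
  good = SingleParserSaml.sample_response('<Assertion ID="a1"><Subject><NameID>alice</NameID></Subject></Assertion>')
  puts SingleParserSaml.verified_name_id(good)
end
```

Run as a script it prints the verified NameID; the design point is in `verified_name_id`: a Response that carries two elements with the signed ID is refused before any digest is computed, and a Response whose signed content was altered after signing fails the digest check, both with a single parser in the loop.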