CVE-2025-22146

CVE-2025-22146 is a critical vulnerability in the SAML SSO implementation of Sentry, a developer-first error tracking and performance monitoring tool. It enables account takeover of any user on a Sentry instance and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), mapped to CWE-287 (Improper Authentication). The flaw was responsibly disclosed through Sentry's private bug bounty program and affects both Sentry SaaS and self-hosted deployments.

An unauthenticated attacker can exploit this vulnerability by controlling a malicious SAML Identity Provider and leveraging another organization on the same Sentry instance. With knowledge of the victim's email address, the attacker can fully compromise the target user account, gaining unauthorized access to sensitive data and functionalities associated with that account.

Sentry advisories recommend immediate mitigation: the SaaS platform received a fix on January 14, 2025. Self-hosted users with `SENTRY_SINGLE_ORGANIZATION = True` require no action, but others must upgrade to version 25.1.0 or higher. No workarounds are available. Details are in the security advisory at https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w and the fix pull request at https://github.com/getsentry/sentry/pull/83407.