CVE-2025-27773
Published: 11 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-27773 affects the SimpleSAMLphp SAML2 library, a PHP library for SAML2-related functionality. In versions prior to 4.17.0 and 5.0.0-alpha.20, the library contains a signature confusion vulnerability in the HTTPRedirect binding. This flaw, classified under CWE-347 (Improper Verification of Cryptographic Signature), allows improper handling of signatures in SAMLResponses, with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
An unauthenticated network attacker can exploit this vulnerability with low complexity and no user interaction. By supplying any signed SAMLResponse via the HTTP-Redirect binding, the attacker can cause the application to accept an unsigned message, leading to high integrity impacts such as potential bypass of authentication or authorization checks in SAML-dependent systems.
Mitigation requires upgrading to SimpleSAMLphp SAML2 versions 4.17.0 or 5.0.0-alpha.20, which contain the fix. The GitHub security advisory GHSA-46r4-f8gj-xg56 details the issue, with the patching commit at 7867d6099dc7f31bed1ea10e5bea159c5623d2a0. Affected code is in HTTPRedirect.php lines 104-113 and 178-217. Debian LTS users should refer to the announcement at lists.debian.org/debian-lts-announce/2025/05/msg00013.html for package updates.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote attackers to bypass SAML signature verification in the HTTP-Redirect binding of a public-facing SAML library/application, directly enabling exploitation of public-facing applications to achieve authentication/authorization bypass.