Headline
GHSA-c4cc-x928-vjw9: robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Summary
An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.
Details
When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. xmlseclibs then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.
https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296
Impact
Digest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.
Signature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.
Suggested remediation
Treat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation. Add explicit checks: reject when canonicalize returns nil/empty or raise
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-66578
robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass Digest/Signature validation
Moderate severity GitHub Reviewed Published Dec 8, 2025 in robrichards/xmlseclibs • Updated Dec 8, 2025
Package
composer robrichards/xmlseclibs (Composer)
Affected versions
<= 3.1.3
Summary
An authentication bypass vulnerability exists due to a flaw in the libxml2 canonicalization process, which is used by xmlseclibs during document transformation. This weakness allows an attacker to generate a valid signature once and reuse it indefinitely. In practice, a signature created during a previous interaction - or through a misconfigured authentication flow - can be replayed to bypass authentication checks.
Details
When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. xmlseclibs then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded.
https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296
Impact
Digest bypass: By crafting input that causes canonicalization to yield an empty string, the attacker can manipulate validation to pass incorrectly.
Signature replay on empty canonical form: If an empty string has been signed once (e.g., in a prior interaction or via a misconfigured flow), that signature can potentially be replayed to bypass authentication.
Suggested remediation
Treat canonicalization failures (exceptions or nil/empty outputs) as fatal and abort validation.
Add explicit checks: reject when canonicalize returns nil/empty or raise
References
- GHSA-c4cc-x928-vjw9
- robrichards/xmlseclibs@69fd630
- https://github.com/robrichards/xmlseclibs/blob/f4131320c6dcd460f1b0c67f16f8bf24ce4b5c3e/src/XMLSecurityDSig.php#L296
Published to the GitHub Advisory Database
Dec 8, 2025