Headline
GHSA-9v8j-x534-2fx3: Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary
In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, so the two parsers can generate entirely different document structures from the same XML input. This allows an attacker to execute a Signature Wrapping attack. The vulnerability does not affect version 1.18.0.
Impact
This allows an attacker to execute a Signature Wrapping attack and bypass authentication.
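A defensive illustration of the parser-differential problem, added here and not part of the advisory or of ruby-saml's own code: parse the same SAML response with both ReXML and Nokogiri, reduce each tree to a list of (depth, namespace URI, local name, ID) entries, and refuse to trust the signed element unless both parsers produced the same structure and the referenced ID resolves to exactly one element. The SAML response below, its ID values and the helper names (rexml_fingerprint, nokogiri_fingerprint, check_response) are constructed for this example; Nokogiri is treated as optional so the script still runs where only ReXML is installed.

```ruby
# Added example, not ruby-saml's code. Cross-parser structure check:
# only accept a signed element when every parser in use sees the same tree.
require 'rexml/document'

begin
  require 'nokogiri'
  NOKOGIRI_AVAILABLE = true
rescue LoadError
  NOKOGIRI_AVAILABLE = false # fall back to ReXML only
end

# Constructed sample response (assumed values, not from the advisory).
SAMPLE_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">
    <saml:Assertion ID="_assertion1">
      <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
XML

# Constructed sample where two elements claim the same ID; a verifier that
# resolves "_assertion1" could be pointed at either one, so it is rejected.
DUPLICATE_ID_RESPONSE = <<~XML
  <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1">
    <saml:Assertion ID="_assertion1"><saml:Subject><saml:NameID>a</saml:NameID></saml:Subject></saml:Assertion>
    <saml:Assertion ID="_assertion1"><saml:Subject><saml:NameID>b</saml:NameID></saml:Subject></saml:Assertion>
  </samlp:Response>
XML

# One line per element: depth, namespace URI, local name and ID attribute.
def format_entry(depth, ns, name, id)
  "#{depth}|{#{ns}}#{name}|ID=#{id}"
end

# Structural fingerprint as seen by ReXML (document order, elements only).
def rexml_fingerprint(xml)
  doc = REXML::Document.new(xml)
  lines = []
  walk = lambda do |el, depth|
    lines << format_entry(depth, el.namespace, el.name, el.attributes['ID'])
    el.elements.each { |child| walk.call(child, depth + 1) }
  end
  walk.call(doc.root, 0)
  lines
end

# Same fingerprint as seen by Nokogiri (libxml2); nil when the gem is absent.
def nokogiri_fingerprint(xml)
  return nil unless NOKOGIRI_AVAILABLE
  doc = Nokogiri::XML(xml) # default options: no network access
  lines = []
  walk = lambda do |el, depth|
    ns = el.namespace ? el.namespace.href : ''
    lines << format_entry(depth, ns, el.name, el['ID'])
    el.element_children.each { |child| walk.call(child, depth + 1) }
  end
  walk.call(doc.root, 0)
  lines
end

# Reject unless all parsers agree on the structure and the ID the signature
# references resolves to exactly one element.
def check_response(xml, signed_id)
  fps = [rexml_fingerprint(xml), nokogiri_fingerprint(xml)].compact
  return { ok: false, reason: 'parser structure mismatch' } unless fps.uniq.size == 1
  matches = fps.first.count { |entry| entry.end_with?("|ID=#{signed_id}") }
  return { ok: false, reason: 'referenced ID missing or not unique' } unless matches == 1
  { ok: true, parsers: fps.size }
end

if __FILE__ == $PROGRAM_NAME
  p check_response(SAMPLE_RESPONSE, '_assertion1')        # {:ok=>true, ...}
  p check_response(DUPLICATE_ID_RESPONSE, '_assertion1')  # {:ok=>false, ...}
end
```

The fingerprint deliberately records the namespace URI rather than the prefix, because the advisory attributes the bypass to namespace handling: a prefix that one parser resolves and the other does not shows up here as a differing entry, and the response is rejected before any signature is trusted. In a real verifier the comparison would be run on the exact subtree the signature covers, and the check above is a precondition for, not a replacement of, signature validation.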
- CVE-2025-66567
Critical severity GitHub Reviewed Published Dec 8, 2025 in SAML-Toolkits/ruby-saml • Updated Dec 8, 2025
Package
Affected versions
< 1.18.0
References
- GHSA-9v8j-x534-2fx3
- SAML-Toolkits/ruby-saml@e9c1cdb
- GHSA-754f-8gm6-c4r2
Published to the GitHub Advisory Database
Dec 8, 2025