GitHub’s Security Lab has identified two severe vulnerabilities in the open-source ruby-saml library, which could enable attackers to bypass Security Assertion Markup Language (SAML) authentication mechanisms. These vulnerabilities pose a significant security risk, potentially leading to account takeovers and unauthorized access.
Understanding the Ruby-SAML Vulnerabilities
The identified vulnerabilities, tracked as CVE-2025-25291 and CVE-2025-25292, have been assigned a CVSS score of 8.8, indicating a high severity level. These flaws impact:
- Ruby-SAML versions below 1.12.4
- Ruby-SAML versions from 1.13.0 up to, but not including, 1.18.0
These security issues arise because the REXML and Nokogiri libraries can parse the same XML document differently, and that disagreement opens the door to authentication bypass. By exploiting these discrepancies, attackers can manipulate SAML responses, potentially logging in as any user within an organization.
How Attackers Can Exploit These Flaws
If an attacker obtains a valid signature created with the key used to validate SAML responses, they can craft malicious SAML assertions. This could allow them to:
- Bypass authentication protocols
- Gain unauthorized access to user accounts
- Compromise sensitive organizational data
Additional Security Risks: Denial-of-Service (DoS) Attack
Alongside authentication bypass risks, a related vulnerability (CVE-2025-25293) with a CVSS score of 7.7 was also discovered. This flaw enables attackers to launch remote denial-of-service (DoS) attacks by sending specially crafted compressed SAML responses, overwhelming the system and causing service disruptions.
How to Protect Your Organization
To mitigate these risks, immediate action is required. The maintainers of ruby-saml have released patched versions:
✅ Upgrade to Ruby-SAML 1.12.4 or 1.18.0 to eliminate these vulnerabilities.
✅ Regularly monitor and update dependencies to prevent exploitation of outdated libraries.
✅ Implement additional security measures such as multi-factor authentication (MFA) to enhance protection against unauthorized access.
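To make the first step concrete, here is an added example (not code from the advisory or from the ruby-saml project) that reads a Gemfile.lock, finds the resolved ruby-saml version and reports whether it falls inside the affected ranges listed above. The sample lockfile fragment is constructed, and the check relies only on Ruby's bundled RubyGems version comparison, so prerelease tags (for example 1.18.0.pre) sort below the patched release as they should.

```ruby
require "rubygems"

# Affected ranges from the advisory: [lower bound inclusive, upper bound exclusive].
VULNERABLE_RANGES = [
  [Gem::Version.new("0"),      Gem::Version.new("1.12.4")],
  [Gem::Version.new("1.13.0"), Gem::Version.new("1.18.0")],
].freeze

# Pull the resolved ruby-saml version out of Gemfile.lock text. Top-level gems in the
# "specs:" section are indented exactly four spaces, e.g. "    ruby-saml (1.17.0)";
# their dependencies are indented six, so the anchored pattern skips those lines.
def ruby_saml_version(lockfile_text)
  m = lockfile_text.match(/^ {4}ruby-saml \(([^)]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# True when the version sits inside one of the affected ranges.
def vulnerable?(version)
  version = Gem::Version.new(version) unless version.is_a?(Gem::Version)
  VULNERABLE_RANGES.any? { |lo, hi| version >= lo && version < hi }
end

# Returns :vulnerable, :patched or :absent for the given lockfile content.
def assess_lockfile(lockfile_text)
  v = ruby_saml_version(lockfile_text)
  return :absent unless v
  vulnerable?(v) ? :vulnerable : :patched
end

# Constructed sample Gemfile.lock fragment pinning an affected release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.16.5)
      rexml (3.3.9)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml (>= 3.2.5)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  puts "ruby-saml: #{assess_lockfile(text)}"
end
```

Run it as `ruby check_ruby_saml.rb path/to/Gemfile.lock`; without an argument it assesses the embedded sample, which reports :vulnerable.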
Conclusion: Stay Secure by Updating Immediately
The discovery of these ruby-saml vulnerabilities highlights the need for continuous security vigilance. Organizations using affected versions should urgently apply the patches to mitigate authentication bypass and DoS risks. Keeping software dependencies up to date is a critical step in safeguarding sensitive information from cyber threats.
For more information and the latest updates, visit the official GitHub Security Blog.