CVE-2025-66567: ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

Published Dec 8, 2025
·
Updated

Summary

Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. The vulnerability does not affect the version 1.18.0.

Impact That allows an attacker to be able to execute a Signature Wrapping attack and bypass the authentication

Other sources

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0.

MITRE

Affected Software

2 affected componentsFixes available
rubygems/ruby-saml<1.18.0
1.18.0
onelogin Ruby-SAML<1.18.0

Remediation

Patch Available

https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97

Event History

Dec 8, 2025
Advisory Published
via GitHub·09:30 PM
Data Sourced
via GitHub·09:30 PM
DescriptionWeaknessAffected Software
Dec 9, 2025
CVE Published
via MITRE·01:55 AM
Data Sourced
via MITRE·01:55 AM
DescriptionWeakness
Data Sourced
via NVD·04:18 PM
RemedyDescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-66567?

CVE-2025-66567 has been classified with a high severity due to its potential for authentication bypass.

2

How do I fix CVE-2025-66567?

To fix CVE-2025-66567, upgrade ruby-saml to version 1.18.0 or later.

3

What is the impact of CVE-2025-66567?

CVE-2025-66567 can allow attackers to bypass authentication mechanisms when using certain XML parsing libraries.

4

Which versions of ruby-saml are affected by CVE-2025-66567?

CVE-2025-66567 affects ruby-saml versions up to and including 1.12.4.

5

Is CVE-2025-66567 related to any other vulnerabilities?

Yes, CVE-2025-66567 is an incomplete fix for the previously reported CVE-2025-25292.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203