CVE-2025-25291

Publication date 12 March 2025

Last updated 3 April 2025

Ubuntu priority

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ruby-saml	25.04 plucky	Needs evaluation
	24.10 oracular	Fixed 1.15.0-1ubuntu0.24.10.2
	24.04 LTS noble	Fixed 1.15.0-1ubuntu0.24.04.1+esm1
	22.04 LTS jammy	Fixed 1.13.0-1ubuntu0.1+esm1
	20.04 LTS focal	Fixed 1.11.0-1ubuntu0.1+esm1
	18.04 LTS bionic	Fixed 1.7.2-1ubuntu0.1~esm2
	16.04 LTS xenial	Ignored risks regression

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

juliaphoebe

The backport involves introducing infrastructure for the idp_multi_cert mechanism, which touches enough files that the backport is unnecessarily risky.

References

Related Ubuntu Security Notices (USN)