CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

May 6, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title CVE-2025-46572 passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping
Type cve
Published 2025-05-06T20:18:26
Last Seen 2025-05-06T20:47:49
CVSS Score 0.0 ()

CVSS v3 Details

Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact

CVE Information

CVE IDs CVE-2025-46572
CWE CWE-287
Bulletin Family cve

Description

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate…

Impact Assessment

Base Score 0.0
Severity

View full CVE details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.