CVE Details
Basic Information
| Title |
CVE-2025-47949 |
| Type |
cve |
| Published |
2025-05-19T20:15:26 |
| Last Seen |
2025-05-19T20:23:58 |
CVSS Information
| Base Score |
0.0 () |
| Attack Vector |
|
| Attack Complexity |
|
| Privileges Required |
|
| User Interaction |
|
| Scope |
|
| Confidentiality Impact |
|
| Integrity Impact |
|
| Availability Impact |
|
AI Analysis
| AI Description |
A Signature Wrapping vulnerability in samlify allows attackers to forge SAML responses, enabling authentication as any user. This critical issue affects versions prior to 2.10.0 and poses a significant risk due to the high CVSS score of 9.9. |
| AI Severity |
Critical |
| Vendor |
SAMLify Community |
| Product |
samlify |
| Affected Version |
versions before 2.10.0 |
Additional Information
| CVE List |
CVE-2025-47949 |
| CWE List |
CWE-347 |
| Bulletin Family |
cve |
Description
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML…
CVSS Score Summary
Base Score: %!f(string=#) ()
View Full CVE Details
