SAML 2.0 Public Key Validation Issue

CVE Details

Basic Information

Title SAML 2.0 Public Key Validation Issue
Type cve
Published 2025-08-05T05:36:06.752Z
Modified 2025-08-05T05:36:06.752Z

Product Information

Vendor Zscaler
Product Authentication Server
Version 0

CVSS Information

Base Score 9.6 (CRITICAL)
Vector String CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Analysis

AI Description A vulnerability in Zscaler’s SAML authentication allows improper verification of cryptographic signatures, potentially enabling authentication abuse.
AI Severity Critical
AI Vendor Zscaler
AI Product Authentication Server
AI Version 0

Affected Products

  • Zscaler Authentication Server 0

Additional Information

CWE List CWE-347
Source Zscaler

Description

An improper verification of cryptographic signature in Zscaler’s SAML authentication mechanism on the server-side allowed an authentication abuse.
