CRITICAL🇵🇱 Wersja polska

CVE-2025-47949

CVSS 9.9v4.0pub. 2025-05-19upd. 2025-09-19

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

🤖 AI Analysis
How it works

Signature Wrapping attack involves manipulating the structure of an XML document containing a SAML response — the attacker does not need to break the cryptographic signature, but exploits an error in its verification (CWE-347: Improper Verification of Cryptographic Signature). It is sufficient for the attacker to have any properly signed XML document issued by the identity provider. By manipulating the XML structure, the attacker can inject forged assertions containing any user identity, while the library incorrectly considers the signature as valid.

Impact

An attacker can authenticate as any user in the system — including as an administrator — without knowing the password or other authentication credentials, leading to complete account takeover and unauthorized access to protected resources.

Mitigation & patch

The samlify library should be updated immediately to version 2.10.0, which contains a patch eliminating the vulnerability. Details are available in the project's GitHub repository and in the official security advisory (GHSA-r683-v43c-6xqv).

Who is affected

Node.js applications using the samlify library in versions earlier than 2.10.0.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Samlify Project Samlify

    APP
    Samlify Project
    < 2.10.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-46490HIGH8.7ten sam produkt

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution...

CVE-2017-1000452HIGH7.5ten sam produkt

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 ...