VYPR
High severity8.6OSV Advisory· Published Mar 11, 2025· Updated Apr 15, 2026

CVE-2025-27773

CVE-2025-27773

Description

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
simplesamlphp/saml2Packagist
< 4.17.04.17.0
simplesamlphp/saml2Packagist
>= 5.0.0-alpha.1, < 5.0.0-alpha.205.0.0-alpha.20
simplesamlphp/saml2-legacyPackagist
< 4.17.04.17.0

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.