Unrated severityNVD Advisory· Published Sep 16, 2025· Updated Sep 30, 2025

psPAS does not enforce TLS 1.2 within Get-PASSAMLResponse

CVE-2025-59270

Description

psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.

Affected products

psPAS/psPASllm-create
Range: <7.0.209
pspete/psPASv5
Range: 6.4.85

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/pspete/psPAS/commit/2a8b1b4bc001bec9969ea512ed83386ed3e0b8f8mitre
github.com/pspete/psPAS/releases/tag/v7.0.209mitre
raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-258-01.jsonmitre
www.cve.org/CVERecordmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000