ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Description
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An authentication bypass in ruby-saml ≤1.12.4 leverages XML parser differentials between ReXML and Nokogiri to perform Signature Wrapping attacks.
The vulnerability stems from an incomplete fix for CVE-2025-25292, where ReXML and Nokogiri parse XML differently, producing entirely distinct document structures from the same input [1][2]. This parser differential means that a maliciously crafted SAML response can be interpreted as valid by one parser while the signature-checking logic uses the other, enabling a Signature Wrapping attack [2][3].
An attacker exploiting this issue does not need prior authentication; the attack is launched by sending a specially crafted SAML assertion to a ruby-saml-based service provider [2]. The attack requires network access to deliver the malicious SAML response, but no special privileges are needed beyond the ability to communicate with the target application [4].
The impact of a successful exploit is authentication bypass: an attacker can forge arbitrary SAML assertions and gain unauthorized access to any account or resource protected by the SAML authentication flow [2][3]. This bypass critically undermines the identity federation trust model that ruby-saml is designed to enforce.
The vulnerability is fixed in ruby-saml version 1.18.0, which incorporates proper XML namespace handling and validation ordering to eliminate the parser differential [1][3]. All users should upgrade immediately; versions 1.12.4 and earlier remain exploitable [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ruby-saml (RubyGems) | < 1.18.0 | 1.18.0 |
Affected products
- Range: <= 1.12.4
- SAML-Toolkits/ruby-saml v5: Range: < 1.18.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-754f-8gm6-c4r2 (GHSA advisory)
- github.com/advisories/GHSA-9v8j-x534-2fx3 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-66567 (NVD advisory)
- github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (fix commit)
- github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-9v8j-x534-2fx3 (vendor advisory)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66567.yml (ruby-advisory-db entry)
News mentions
- The Fragile Lock: Novel Bypasses For SAML Authentication (PortSwigger Research, Dec 10, 2025)