Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

Best Keurig Sale: $20 off Keurig K-Mini Mate Single Serve K-Cup Pod Coffee Maker

Taylor Swift and Travis Kelce, from friendship bracelets to wedding rings

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Github reveals new Ruby-Saml vulnerabilities that allow account acquisition attacks
Celebrities

Github reveals new Ruby-Saml vulnerabilities that allow account acquisition attacks

By March 13, 2025No Comments1 Min Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

March 13, 2025Ravi LakshmananAuthentication/Vulnerability

Ruby-Saml vulnerabilities

The open source Ruby-SAML library discloses two high-strength security flaws that allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protection.

SAML is an XML-based markup language, an open standard used to exchange authentication and authorization data between parties, enabling features such as single sign-on (SSO). This allows individuals to access multiple sites, services, and apps using a single credential.

The vulnerabilities tracked as CVE-2025-25291 and CVE-2025-25292 have a CVSS score of 8.8 out of 10.0. They affect the next version of the library –

<1.12.4> = 1.13.0, <1.18.0

The drawback of both is that both rexml and nokogiri xml are different ways, with two parsers generating completely different document structures from the same XML input

This parser differentiation allows the attacker to perform signature wrapping attacks, leading to authentication bypass. The vulnerability is addressed in Ruby-SAML versions 1.12.4 and 1.18.0.

Cybersecurity

Microsoft-owned Github, which discovered and reported the flaw in November 2024, said it could be abused by malicious actors to carry out account takeover attacks.

“Attackers who own a single valid signature created with the key used to validate SAML responses or target organizational assertions can use it to construct the SAML assertion itself and log in as any user.”

The Microsoft-owned subsidiary also noted that the issue was summarised in a “cutoff” between hash verification and signature verification, opening the door to exploitation through parser differentiation.

Versions 1.12.4 and 1.18.0 also plug in remote denial of service (DOS) defects when processing compressed SAML responses (CVE-2025-25293, CVSS score: 7.7). Users are advised to update to the latest version to protect against potential threats.

The findings arise almost six months after Gitlab and Ruby-Saml moved to address another important vulnerability (CVE-2024-45409, CVSS score: 10.0).

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleWBO orders usyk to defend heavyweight boxing title against Parker | Boxing News
Next Article Bill Gates’ groundbreaking energy excludes European and US climate policy teams after USAID funding hit

Related Posts

Taylor Swift wears Christian Dior couture at her wedding

July 4, 2026

Taylor Swift’s wedding guests wore monochrome gold, red and black

July 3, 2026

Karlie Kloss uses Tove’s Liquid Gold at Taylor Swift’s wedding

July 3, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

Best Keurig Sale: $20 off Keurig K-Mini Mate Single Serve K-Cup Pod Coffee Maker

Taylor Swift and Travis Kelce, from friendship bracelets to wedding rings

Paul McCartney performs Beatles classics at Taylor Swift’s wedding

Trending Posts

England’s Harry Kane loses his voice singing ‘Wonderwall’ after winning the World Cup

July 6, 2026

Paul McCartney performs Beatles classics at Taylor Swift’s wedding

July 5, 2026

Taylor Swift and Travis Kelce’s wedding vows: What the guests revealed

July 4, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.