CVE-2025-54369

Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0.

CVSS

No CVSS.

References

Link	Resource
https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10
https://github.com/node-saml/node-saml/releases/tag/v5.1.0
https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7

Configurations

No configuration.

History

12 Dec 2025, 23:15

Type	Values Removed	Values Added
References		() https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10 - () https://github.com/node-saml/node-saml/releases/tag/v5.1.0 - () https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7 -
Summary	~~(en) Rejected reason: Reason: This candidate was issued in error.~~	(en) Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0.
CWE		CWE-347 CWE-87

24 Jul 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-24 23:15

Updated : 2025-12-15 18:22

NVD link : CVE-2025-54369

Mitre link : CVE-2025-54369

CVE.ORG link : CVE-2025-54369

JSON object : View

Products Affected

No product.

CWE

CWE-87

Improper Neutralization of Alternate XSS Syntax

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2025-54369", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-24T23:15:26.790", "references": [{"url": "https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10", "source": "security-advisories@github.com"}, {"url": "https://github.com/node-saml/node-saml/releases/tag/v5.1.0", "source": "security-advisories@github.com"}, {"url": "https://github.com/node-saml/node-saml/security/advisories/GHSA-m837-g268-mmv7", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-87"}, {"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0."}], "lastModified": "2025-12-15T18:22:40.637", "sourceIdentifier": "security-advisories@github.com"}