CVE-2025-46572 CRITICAL

CVE-2025-46572: passport-wsfed-saml2 Has SAML Authentication Bypass via Signature Wrapping

Vendor Auth0
Product passport-wsfed-saml2
Weakness CWE-287 · Improper authentication
Published May 6, 2025
Last update May 13, 2025

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

passport-wsfed-saml2 provides a Passport strategy for both the WS-Federation and SAML2 protocols. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.
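The class of bug described above is a signature-wrapping substitution: the signature is valid, but the element it covers is not the element the service provider ends up trusting. The structural check below is an added illustration (not code from passport-wsfed-saml2 or the fix), written in Python with the standard-library XML parser; it assumes the cryptographic verification of the signature against the IdP certificate has already passed and shows only the binding checks that must follow it. The fixtures are constructed and the Signature elements are placeholders.

```python
import xml.etree.ElementTree as ET

# Namespaces of a SAML 2.0 Response and of XML Digital Signature.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def q(prefix, local):
    """Clark-notation tag name, e.g. q("saml", "Assertion")."""
    return "{%s}%s" % (NS[prefix], local)

def trusted_subject(xml_text):
    """Return the NameID of the one Assertion whose enveloped Signature covers it.

    Structural checks only: cryptographic verification of the Signature against the
    IdP certificate is assumed to have already passed (that step is not shown here).
    Any shape that would let an unsigned element stand in for the signed one is rejected.
    """
    root = ET.fromstring(xml_text)
    assertions = list(root.iter(q("saml", "Assertion")))
    if len(assertions) != 1:
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    if assertion not in list(root):  # must be a direct child of the Response
        raise ValueError("Assertion is not a direct child of the Response")
    aid = assertion.get("ID")
    # The ID must be unique; a duplicate lets another element claim this Reference.
    if not aid or sum(1 for el in root.iter() if el.get("ID") == aid) != 1:
        raise ValueError("Assertion ID %r missing or not unique" % aid)
    sigs = assertion.findall("ds:Signature", NS)  # enveloped: direct child only
    if len(sigs) != 1:
        raise ValueError("Assertion must carry exactly one enveloped Signature")
    refs = [r.get("URI") for r in sigs[0].iter(q("ds", "Reference"))]
    if refs != ["#" + aid]:  # the signed bytes must be this very assertion
        raise ValueError("Signature Reference %r does not cover Assertion %r" % (refs, aid))
    return assertion.find("saml:Subject/saml:NameID", NS).text

# Constructed fixtures (not real IdP output; the Signature elements are placeholders).
HEAD = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">')
SIGNED = ('<saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo>'
          '<ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>'
          '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>')
UNSIGNED = ('<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>mallory</saml:NameID>'
            '</saml:Subject></saml:Assertion>')
GOOD = HEAD + SIGNED + "</samlp:Response>"
# Two assertions, only one of them signed: the shape the check must reject.
WRAPPED = HEAD + "<samlp:Extensions>" + SIGNED + "</samlp:Extensions>" + UNSIGNED + "</samlp:Response>"
```

The same binding rule applies when the IdP signs the Response instead of the Assertion: the Reference must cover the element whose subject is consumed, and nothing outside that element may be trusted.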

Key dates

02 Disclosure timeline

May 6, 2025 CVE published
May 13, 2025 Record updated