CVE-2025-54369 CRITICAL

CVE-2025-54369: Node-SAML SAML Authentication Bypass

Vendor Node-Saml
Product node-saml
Weakness CWE-87
Published December 12, 2025
Last update May 7, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Node-SAML is a framework-independent SAML library that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document rather than from the parts that are verified when the signature is checked. Because the data that is consumed is not the data that was verified, an attacker can modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0.

Key dates

02 Disclosure timeline

December 12, 2025 CVE published
May 7, 2026 Record updated