Security Advisory

CVE-2025-47949

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-19 19:28:45

Last updated 2025-05-20 13:00:40

Assigner GitHub_M

State PUBLISHED

Description

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

← Browse all CVEs View on cve.org ↗