CVE-2025-47949

Published: May 19, 2025

Modified: May 20, 2025

PUBLISHED

Description

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need an XML document signed by the identity provider. Version 2.10.0 fixes the issue.

Vendor: tngan

Product: samlify

Versions: affected < 2.10.0

Weaknesses (CWE)
