Summary
There are 2 new Critical signature wrapping vulnerabilities (CVE-2025-25292, CVE-2025-25291) and a potential Moderate DDoS vulnerability (CVE-2025-25293) affecting ruby-saml, a dependency of omniauth-saml.
The fix will be applied to ruby-saml and released tomorrow, 12 Mar, as version v1.18.0.
Please upgrade the ruby-saml requirement to v1.18.0.
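One way to confirm that a project no longer resolves a ruby-saml release older than v1.18.0, as an added example that is not part of the advisory or of either project's code. The helper name `audit_ruby_saml` is hypothetical, and the sample lockfile and the versions in it are constructed.

```ruby
require "rubygems"

# First ruby-saml release with the fixes, per the advisory text.
FIXED_VERSION = Gem::Version.new("1.18.0")

# In Gemfile.lock, resolved gems are indented four spaces under "specs:";
# the dependencies of each resolved gem follow it, indented six spaces.
SPEC_LINE = /\A {4}(?<name>[\w.-]+) \((?<version>[^)\s]+)\)\s*\z/
DEP_LINE  = /\A {6}(?<name>[\w.-]+)(?: \([^)]*\))?\s*\z/

# Hypothetical helper: reports the resolved ruby-saml version, whether it
# predates the fixed release, and which gems pull it in.
def audit_ruby_saml(lockfile_text)
  resolved = nil
  parents = []
  current = nil
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if (m = SPEC_LINE.match(line))
      current = m[:name]
      if current == "ruby-saml" && Gem::Version.correct?(m[:version])
        resolved = Gem::Version.new(m[:version])
      end
    elsif (m = DEP_LINE.match(line)) && m[:name] == "ruby-saml"
      parents << current
    end
  end
  status = if resolved.nil? then :not_present
           elsif resolved < FIXED_VERSION then :vulnerable
           else :fixed
           end
  { status: status, version: resolved&.to_s, required_by: parents.compact.uniq }
end

# Constructed sample lockfile; the gem versions in it are illustrative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth-saml (2.0.0)
        omniauth (~> 2.0)
        ruby-saml (~> 1.17)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13)
LOCK

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  p audit_ruby_saml(text)
end
```

Pass the path to a real Gemfile.lock as the first argument; pre-release builds of 1.18.0 compare as older than the fixed release and are reported as vulnerable.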
Impact
Signature wrapping vulnerabilities allow an attacker to impersonate a user.