CVE-2025-27773

Name	CVE-2025-27773
Description	The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-4161-1
Debian Bugs	1100595

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
simplesamlphp (PTS)	bullseye	1.19.0-1	vulnerable
	bullseye (security)	1.19.0-1+deb11u2	fixed
	bookworm, bookworm (security)	1.19.7-1+deb12u1	vulnerable
	sid	1.19.7-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
simplesamlphp	source	bullseye	1.19.0-1+deb11u2		DLA-4161-1
simplesamlphp	source	(unstable)	1.19.7-2			1100595

Notes

[bookworm] - simplesamlphp <no-dsa> (Will be fixed via point release)
https://github.com/simplesamlphp/saml2/security/advisories/GHSA-46r4-f8gj-xg56
https://github.com/simplesamlphp/saml2/commit/7867d6099dc7f31bed1ea10e5bea159c5623d2a0
SimpleSAMLphp SAML2 library embedded in simplesamlphp

	
		OSZAR »