CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-46573: passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

4.6 CVSS

Description

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

Classification

CVE ID: CVE-2025-46573

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.6

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Problem Types

CWE-287: Improper Authentication

Affected Products

Vendor: auth0

Product: passport-wsfed-saml2

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 25.12% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-46573
https://github.com/auth0/passport-wsfed-saml2/security/advisories/GHSA-8gqj-226h-gm8r
https://github.com/auth0/passport-wsfed-saml2/commit/e5cf3cc2a53748207f7a81bfba9195c8efa94181

Timeline

2025-05-06 21:40:23 UTC
CVE

passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling
2025-05-06 22:15:29 UTC
Github Advisory Database (NPM)

[passport-wsfed-saml2] Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling