Platform
dotnet
Component
spid.aspnetcore.authentication
Fixed in
3.4.1
3.4.0
CVE-2025-24894 describes a critical vulnerability within the SPID.AspNetCore.Authentication library, a component used for authentication leveraging the SAML2 standard. This flaw allows attackers to potentially bypass authentication mechanisms, granting them unauthorized access to protected resources. The vulnerability impacts versions of SPID.AspNetCore.Authentication up to and including 3.3.0-prerelease, and a fix is available in version 3.4.0.
The core of the vulnerability lies in the library's handling of SAML assertions, the data exchanged between the Identity Provider (IdP) and the Service Provider (SP) during authentication. An attacker can craft malicious SAML assertions, manipulating the identity information presented to the Service Provider. This manipulation could allow them to impersonate legitimate users, gain access to sensitive data, or escalate privileges within the system. The potential impact is significant, as successful exploitation could compromise the entire application relying on SPID.AspNetCore.Authentication for authentication. The SPID library acts as the Service Provider (SP) in the SAML2 flow, making it a critical point of attack.
CVE-2025-24894 was publicly disclosed on 2025-02-18. Currently, there are no known public proof-of-concept exploits available. The vulnerability's criticality (CVSS 9.1) suggests a potentially high probability of exploitation if a suitable exploit is developed. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-24894 is to immediately upgrade to version 3.4.0 of SPID.AspNetCore.Authentication. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter validation of incoming SAML assertions at the Service Provider level. This might involve verifying the signature of the assertion, checking the issuer, and validating the attributes contained within the assertion. Web Application Firewalls (WAFs) configured to inspect SAML traffic can also provide a layer of defense by detecting and blocking malicious assertions. After upgrading, confirm the fix by attempting to authenticate with a test user and verifying that the application behaves as expected.
Update the SPID.AspNetCore.Authentication library to version 3.4.0 or higher. This version contains the fix for the SAML response signature verification bypass vulnerability. The update will mitigate the risk of identity spoofing.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-24894 is a critical vulnerability (CVSS 9.1) in SPID.AspNetCore.Authentication versions up to 3.3.0-prerelease. It allows attackers to potentially bypass authentication by manipulating SAML assertions.
Yes, if you are using SPID.AspNetCore.Authentication versions 3.3.0-prerelease or earlier, you are affected by this vulnerability.
Upgrade to version 3.4.0 of SPID.AspNetCore.Authentication to remediate the vulnerability. If immediate upgrade is not possible, implement stricter SAML assertion validation.
Currently, there are no known active exploits, but the high CVSS score suggests a potential for future exploitation.
Refer to the official SPID project documentation and security advisories for the latest information and updates regarding CVE-2025-24894.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your packages.lock.json file and we'll tell you instantly if you're affected.