Platform
dotnet
Component
cie.aspnetcore.authentication
Fixed in
2.1.1
2.1.0
CVE-2025-24895 is a critical vulnerability affecting CIE.AspNetCore.Authentication versions up to 2.0.4. This flaw allows attackers to bypass authentication mechanisms relying on SAML2, potentially granting them unauthorized access to protected resources. The vulnerability stems from improper handling of SAML assertions within the Service Provider (SP) role. A fix is available in version 2.1.0.
The core of this vulnerability lies in the misconfiguration or flawed implementation of SAML2 authentication within applications utilizing CIE.AspNetCore.Authentication. An attacker can craft malicious SAML assertions, manipulating identity information to impersonate legitimate users or gain access without proper credentials. This could lead to complete compromise of the application and its underlying data. Successful exploitation could result in unauthorized data access, modification, or deletion, as well as the ability to execute arbitrary code on the server, depending on the application's overall security posture. The impact is amplified if the application handles sensitive data or integrates with other critical systems.
CVE-2025-24895 was publicly disclosed on 2025-02-18. The CVSS score of 9.1 (CRITICAL) indicates a high probability of exploitation. While no public proof-of-concept (PoC) has been widely reported, the nature of the vulnerability – SAML assertion manipulation – is well-understood and potentially exploitable by skilled attackers. It is recommended to treat this vulnerability with the highest priority.
Exploit Status
EPSS
0.06% (19% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade to CIE.AspNetCore.Authentication version 2.1.0 or later, which addresses the vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. Thoroughly review and validate all SAML configurations, ensuring proper assertion validation and attribute mapping. Implement strict access controls and multi-factor authentication to limit the potential damage from a successful attack. Consider using a Web Application Firewall (WAF) with SAML inspection capabilities to detect and block malicious assertions. Regularly audit SAML configurations and logs for suspicious activity.
Update the CIE.AspNetCore.Authentication library to version 2.1.0 or higher. This version fixes the SAML response signature verification bypass vulnerability. To update, use the NuGet package manager in your .NET project.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-24895 is a critical vulnerability in CIE.AspNetCore.Authentication versions 2.0.4 and earlier that allows attackers to bypass authentication by manipulating SAML assertions, potentially gaining unauthorized access.
Yes, if your application uses CIE.AspNetCore.Authentication and is running a version equal to or less than 2.0.4, you are vulnerable to this authentication bypass.
Upgrade to CIE.AspNetCore.Authentication version 2.1.0 or later to remediate the vulnerability. Implement temporary workarounds like stricter SAML validation if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's severity and the ease of SAML manipulation suggest a high likelihood of exploitation. Proactive mitigation is strongly recommended.
Refer to the official CIE project repository and related security advisories for detailed information and updates regarding CVE-2025-24895.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your packages.lock.json file and we'll tell you instantly if you're affected.