Platform
nodejs
Component
@node-saml/node-saml
Fixed in
5.0.2
5.1.0
CVE-2025-54419 affects the @node-saml/node-saml library, a popular Node.js module for handling Security Assertion Markup Language (SAML) authentication. This vulnerability enables attackers to manipulate authentication details within a validly signed SAML assertion, bypassing authentication controls. Versions of @node-saml/node-saml prior to 5.1.0 are vulnerable. The issue has been resolved by ensuring SAML assertions are processed only from verified and authenticated content.
The core of this vulnerability lies in how @node-saml/node-saml handles SAML assertions. Instead of exclusively relying on verified, signed components, it loads data from the original, unsigned response document. This discrepancy allows an attacker, possessing a validly signed SAML document from the Identity Provider (IdP), to modify the assertion's contents without invalidating the signature. A particularly concerning attack vector involves removing or altering characters within the SAML assertion's username field, effectively impersonating a legitimate user. The blast radius is significant, potentially impacting any application relying on @node-saml/node-saml for authentication, leading to unauthorized access and data breaches. This vulnerability shares similarities with other SAML manipulation attacks where improper handling of assertion data can lead to authentication bypass.
CVE-2025-54419 was published on 2025-07-28. The CVSS score of 10 (Critical) reflects the severe impact and ease of exploitation. Currently, there are no publicly known Proof-of-Concept (PoC) exploits, but the vulnerability's nature suggests it could be quickly exploited. Given the critical severity and the widespread use of SAML, it is likely to be targeted by attackers. The vulnerability is not currently listed on KEV or EPSS, but its high CVSS score indicates a high probability of exploitation if left unpatched.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-54419 is to upgrade to version 5.1.0 or later of the @node-saml/node-saml library. This version implements stricter validation and processing of SAML assertions, ensuring only verified content is utilized. If immediate upgrading is not feasible, consider implementing temporary workarounds. While a direct WAF rule is difficult to implement without deep packet inspection, proxy configurations can be adjusted to scrutinize SAML responses for unexpected modifications. Implement robust input validation on the application side to further reduce the risk of malicious data being accepted. After upgrading, confirm the fix by attempting to craft a malicious SAML assertion and verifying that it is rejected by the updated library.
Actualice la biblioteca node-saml a la versión 5.1.0 o superior. Esto corrige la vulnerabilidad de verificación de firmas SAML. Ejecute `npm update node-saml` o `yarn upgrade node-saml` para actualizar la dependencia en su proyecto.
Vulnerability analysis and critical alerts directly to your inbox.
It's a critical vulnerability in the @node-saml/node-saml library allowing attackers to modify SAML assertions, potentially bypassing authentication.
If you're using @node-saml/node-saml versions prior to 5.1.0, you are vulnerable. Assess your dependencies immediately.
Upgrade to @node-saml/node-saml version 5.1.0 or later. If upgrading is not possible, consider temporary workarounds like input validation.
No public exploits are currently known, but the critical severity suggests it's a likely target for attackers.
Refer to the official Node-SAML documentation and the CVE entry on NVD for detailed information: https://nvd.nist.gov/vuln/detail/CVE-2025-54419
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.