CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

May 6, 2025

CVE ID : CVE-2025-46573

Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago

Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHow to Create Serverless AI Agents with Langbase Docs MCP Server in Minutes

Next Article CVE-2025-46572 – Auth0 Passport-wsfed-saml2 SAML Authentication Bypass

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

Rogue WordPress Plugin Unmasked: Stealthy Malware Skims Credit Cards & Steals Credentials

Urgent Advantech Alert: Critical Flaws (CVSS 9.6) Expose Industrial Automation to Remote Takeover, PoC Releases

7 strategic insights business and IT leaders need for AI transformation in 2025

CVE-2025-6285 – PHPGurukul COVID19 Testing Management System PHP Cross-Site Scripting Vulnerability

Building intelligent AI voice agents with Pipecat and Amazon Bedrock – Part 1

CVE-2025-41234: Spring Framework Vulnerability Enables Reflected File Download Attacks

CVE-2025-6328 – D-Link DIR-815 Stack-Based Buffer Overflow Vulnerability

CVE-2025-2866 – LibreOffice PDF Signature Spoofing

CVE-2025-4831 – TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

High-Severity DoS Vulnerability Found in PowerDNS DNSdist (CVE-2025-30194)

CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

Related Posts