CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

May 6, 2025

CVE ID : CVE-2025-46573

Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago

Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Users are affected specifically when the service provider is using `passport-wsfed-saml2` and a valid SAML Response signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHow to Create Serverless AI Agents with Langbase Docs MCP Server in Minutes

Next Article CVE-2025-46572 – Auth0 Passport-wsfed-saml2 SAML Authentication Bypass

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

3 portable power stations I travel everywhere with (and how they differ)

I tried Lenovo’s new rollable ThinkBook and can’t go back to regular-sized screens

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

spatie/laravel-flare

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

The Gaming Desktop I’ve Relied on More Than Any Other Is More Powerful and Sleeker Than Ever — But Damn, It’s Expensive

CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

Android adware: What is it, and how do I get it off my device?

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

Overwatch 2 gets a ‘Stadium Mode’ gameplay trailer, marking the biggest change the game has seen in years

This freaky Lovecraftian horror FPS is coming to Xbox and PS5, with a demo on Steam now — the devs said “you never know” about Game Pass, too

CVE-2025-46654 – CodiMD through 2.2.0 has a CSP-based protection me

CVE-2025-6955 – Campcodes Employee Management System SQL Injection Vulnerability

CVE-2025-48389 – FreeScout Deserialization Vulnerability (Arbitrary Code Execution)

Call of Duty: Black Ops 7 rated by the ESRB — and it looks like we’re not going to be free of the weed-themed skins any time soon

The only keyboard I need for travel now is also Razer’s first designed for macOS, but it has a weakness

New Calendar app for Windows 11 is here, but not for everyone

CVE-2025-46573 – OpenSAMLPassport-WSFed Impersonation Vulnerability

Related Posts