CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

May 19, 2025

CVE ID : CVE-2025-47949

Published : May 19, 2025, 8:15 p.m. | 2 hours, 33 minutes ago

Description : samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47946 – Symfony UX Twig Component Attribute Injection XSS

Next Article CVE-2025-47944 – Multer Denial of Service

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

Elon Musk’s Grok 3 AI coming to Azure proves Satya Nadella’s allegiance isn’t to OpenAI, but to maximizing Microsoft’s profit gains by heeding consumer demands

One of the most promising open-world RPGs in years is releasing next week on Xbox and PC

NVIDIA’s latest driver fixes some big issues with DOOM: The Dark Ages

Community News: Latest PECL Releases (05.20.2025)

Community News: Latest PECL Releases (05.20.2025)

Getting Started with Personalization in Sitecore XM Cloud: Enable, Extend, and Execute

Universal Design and Global Accessibility Awareness Day (GAAD)

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

GPT-5 should have a higher “degree of scientific certainty” than the current ChatGPT — but with less model switching

Elon Musk’s Grok 3 AI coming to Azure proves Satya Nadella’s allegiance isn’t to OpenAI, but to maximizing Microsoft’s profit gains by heeding consumer demands

One of the most promising open-world RPGs in years is releasing next week on Xbox and PC

CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4996 – Intelbras RF 301K Cross-Site Scripting Vulnerability

DigiRL: A Novel Autonomous Reinforcement Learning RL Method to Train Device-Control Agents

Forget Dyson: Roborock’s wet-dry vacuum left my floors spotless (and it’s $180 for Black Friday)

Nokia Corteca Scales Wi-Fi Connectivity to Millions of Devices With MongoDB Atlas

Useful Nmap Scripts for Ethical Hackers

This monster 240W charger has features I’ve never seen on other accessories (and get $60 off this Black Friday)

Sharpening LLMs: The Sharpest Tools and Essential Techniques for Precision and Clarity

Salesforce Unveils Agentforce 2.0: An Advanced Digital Labor Platform for Enterprises

The Truth About Perfect Lighthouse Scores

CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

Related Posts