CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

May 19, 2025

CVE ID : CVE-2025-47949

Published : May 19, 2025, 8:15 p.m. | 2 hours, 33 minutes ago

Description : samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47946 – Symfony UX Twig Component Attribute Injection XSS

Next Article CVE-2025-47944 – Multer Denial of Service

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

The Top 25 Women Cybersecurity Leaders in the UAE in 2025

All About the Filament v4 Beta Release

CVE-2024-42191 – HCL Traveler for Microsoft Outlook COM Hijacking Vulnerability

CVE-2025-5637 – PCMan FTP Server SYSTEM Command Handler Buffer Overflow Vulnerability

APT-Style Attacks Exploit CVE-2025-6543 in Dutch Critical Organizations

Amazon launches serverless distributed SQL database, Aurora DSQL

CVE-2025-5338 – Royal Elementor Addons WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-46660 – 4C Strategies Exonaut Hashing Without Salt Vulnerability

CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

Related Posts