CNNVD-202507-3506 Information

CNNVD ID

CNNVD-202507-3506

CVE-2025-54419

  • CNNVD Published: 2025-07-28

Description (Chinese)

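node-saml is a SAML library that does not depend on any framework running in Node.js. node-saml version 5.0.1 contains a security vulnerability that stems from improper validation of SAML assertions and may lead to authentication bypass.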

Description (English)

node-saml is a SAML library that does not depend on any framework running in Node.js. node-saml version 5.0.1 contains a security vulnerability that stems from improper validation of SAML assertions and may result in authentication bypass.

Hazard Level

Medium

Vulnerability Type

Other

Published

2025-07-28

Last Modified

2026-02-24

References

  • https://github.com/node-saml/node-saml/commit/31ead9411ebc3e2385086fa9149b6c17732bca10
  • https://github.com/node-saml/node-saml/releases/tag/v5.1.0
  • https://github.com/node-saml/node-saml/security/advisories/GHSA-4mxg-3p6v-xgq3
  • https://access.redhat.com/security/cve/cve-2025-54419

Patch

https://github.com/node-saml/node-saml/releases
