CVE-2025-22146
Published: 15 January 2025
Summary
CVE-2025-22146 is a critical-severity Improper Authentication (CWE-287) vulnerability. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-13 (Identity Providers and Authorization Servers) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires organizations to identify, report, and correct flaws like the SAML SSO implementation vulnerability in Sentry by applying patches such as upgrading to version 25.1.0.
Mandates selection, monitoring, and review of identity providers like SAML IdPs to prevent exploitation by malicious providers targeting user accounts across organizations.
Ensures secure configuration settings for SAML SSO, such as enabling SENTRY_SINGLE_ORGANIZATION=True, to mitigate multi-organization exploitation risks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in public-facing Sentry SAML SSO enables remote exploitation for account takeover, directly mapping to T1190 (Exploit Public-Facing Application) and facilitating T1078 (Valid Accounts) via unauthorized access.
NVD Description
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take…
more
over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.
Deeper analysisAI
CVE-2025-22146 is a critical vulnerability in the SAML SSO implementation of Sentry, a developer-first error tracking and performance monitoring tool. It enables account takeover of any user on a Sentry instance and carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), mapped to CWE-287 (Improper Authentication). The flaw was responsibly disclosed through Sentry's private bug bounty program and affects both Sentry SaaS and self-hosted deployments.
An unauthenticated attacker can exploit this vulnerability by controlling a malicious SAML Identity Provider and leveraging another organization on the same Sentry instance. With knowledge of the victim's email address, the attacker can fully compromise the target user account, gaining unauthorized access to sensitive data and functionalities associated with that account.
Sentry advisories recommend immediate mitigation: the SaaS platform received a fix on January 14, 2025. Self-hosted users with `SENTRY_SINGLE_ORGANIZATION = True` require no action, but others must upgrade to version 25.1.0 or higher. No workarounds are available. Details are in the security advisory at https://github.com/getsentry/sentry/security/advisories/GHSA-7pq6-v88g-wf3w and the fix pull request at https://github.com/getsentry/sentry/pull/83407.
Details
- CWE(s)