CVE-2025-27773
Published: 11 March 2025
Summary
CVE-2025-27773 is a high-severity Improper Verification of Cryptographic Signature (CWE-347) vulnerability. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely flaw remediation, directly mitigating the signature confusion vulnerability in SimpleSAMLphp SAML2 by applying patches to versions 4.17.0 or 5.0.0-alpha.20.
Mandates proper implementation of cryptographic mechanisms to protect information integrity, directly addressing improper cryptographic signature verification in SAML HTTP-Redirect binding.
Enables verification of software, firmware, and information integrity using digital signatures, helping detect invalid or confused SAMLResponses exploited in this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows unauthenticated remote attackers to bypass SAML signature verification in the HTTP-Redirect binding of a public-facing SAML library/application, directly enabling exploitation of public-facing applications to achieve authentication/authorization bypass.
NVD Description
The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause…
more
the application to accept an unsigned message. Versions 4.17.0 and 5.0.0-alpha.20 contain a fix for the issue.
Deeper analysisAI
CVE-2025-27773 affects the SimpleSAMLphp SAML2 library, a PHP library for SAML2-related functionality. In versions prior to 4.17.0 and 5.0.0-alpha.20, the library contains a signature confusion vulnerability in the HTTPRedirect binding. This flaw, classified under CWE-347 (Improper Verification of Cryptographic Signature), allows improper handling of signatures in SAMLResponses, with a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).
An unauthenticated network attacker can exploit this vulnerability with low complexity and no user interaction. By supplying any signed SAMLResponse via the HTTP-Redirect binding, the attacker can cause the application to accept an unsigned message, leading to high integrity impacts such as potential bypass of authentication or authorization checks in SAML-dependent systems.
Mitigation requires upgrading to SimpleSAMLphp SAML2 versions 4.17.0 or 5.0.0-alpha.20, which contain the fix. The GitHub security advisory GHSA-46r4-f8gj-xg56 details the issue, with the patching commit at 7867d6099dc7f31bed1ea10e5bea159c5623d2a0. Affected code is in HTTPRedirect.php lines 104-113 and 178-217. Debian LTS users should refer to the announcement at lists.debian.org/debian-lts-announce/2025/05/msg00013.html for package updates.
Details
- CWE(s)