{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-29774", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-11T14:23:00.474Z", "datePublished": "2025-03-14T17:05:53.943Z", "dateUpdated": "2025-03-15T20:50:21.614Z"}, "containers": {"cna": {"title": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"}, {"name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"}, {"name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"}, {"name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"}, {"name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"}, {"name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"}, {"name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"}], "affected": [{"vendor": "node-saml", "product": "xml-crypto", "versions": [{"version": ">= 4.0.0, < 6.0.1", "status": "affected"}, {"version": ">= 3.0.0, < 3.2.1", "status": "affected"}, {"version": "< 2.1.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-14T17:05:53.943Z"}, "descriptions": [{"lang": "en", "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."}], "source": {"advisory": "GHSA-9p8x-f768-wp2g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-14T18:36:19.111763Z", "id": "CVE-2025-29774", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T18:40:50.828Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-15T20:50:21.614Z"}, "references": [{"url": "https://workos.com/blog/samlstorm"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://workos.com/blog/samlstorm"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-15T20:50:21.614Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-29774", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-14T18:36:19.111763Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T18:40:39.385Z"}}], "cna": {"title": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References", "source": {"advisory": "GHSA-9p8x-f768-wp2g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "node-saml", "product": "xml-crypto", "versions": [{"status": "affected", "version": ">= 4.0.0, < 6.0.1"}, {"status": "affected", "version": ">= 3.0.0, < 3.2.1"}, {"status": "affected", "version": "< 2.1.6"}]}], "references": [{"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g", "name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed", "name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98", "name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07", "name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6", "name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1", "name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-03-14T17:05:53.943Z"}}}, "cveMetadata": {"cveId": "CVE-2025-29774", "state": "PUBLISHED", "dateUpdated": "2025-03-15T20:50:21.614Z", "dateReserved": "2025-03-11T14:23:00.474Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-03-14T17:05:53.943Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."}, {"lang": "es", "value": "xml-crypto es una librer\u00eda de firma digital y cifrado XML para Node.js. Un atacante podr\u00eda explotar una vulnerabilidad en versiones anteriores a la 6.0.1, 3.2.1 y 2.1.6 para eludir los mecanismos de autenticaci\u00f3n o autorizaci\u00f3n en sistemas que dependen de xml-crypto para verificar documentos XML firmados. Esta vulnerabilidad permite a un atacante modificar un mensaje XML firmado v\u00e1lido de forma que a\u00fan supere las comprobaciones de verificaci\u00f3n de firma. Por ejemplo, podr\u00eda utilizarse para alterar atributos cr\u00edticos de identidad o control de acceso, lo que permitir\u00eda a un atacante con una cuenta v\u00e1lida escalar privilegios o suplantar la identidad de otro usuario. Los usuarios de las versiones 6.0.0 y anteriores deben actualizar a la versi\u00f3n 6.0.1 para obtener una correcci\u00f3n. Quienes a\u00fan utilicen las versiones 2.x o 3.x deben actualizar a las versiones 2.1.6 o 3.2.1, respectivamente."}], "id": "CVE-2025-29774", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-03-14T17:15:52.870", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://workos.com/blog/samlstorm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:3595", "cpe": "cpe:/a:redhat:rhdh:1.4::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a", "product_name": "Red Hat Developer Hub (RHDH) 1.4", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3374", "cpe": "cpe:/a:redhat:rhdh:1.5::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665", "product_name": "RHDH 1.5", "release_date": "2025-03-27T00:00:00Z"}], "bugzilla": {"description": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References", "id": "2352596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352596"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-347", "details": ["xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.", "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-29774", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8", "product_name": "OpenShift Serverless"}], "public_date": "2025-03-14T17:05:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-29774\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-29774\nhttps://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed\nhttps://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98\nhttps://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07\nhttps://github.com/node-saml/xml-crypto/releases/tag/v2.1.6\nhttps://github.com/node-saml/xml-crypto/releases/tag/v3.2.1\nhttps://github.com/node-saml/xml-crypto/releases/tag/v6.0.1\nhttps://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"], "threat_severity": "Important"}

{}