San Francisco, March 14, 2025 – GitHub Security Lab discloses two Ruby SAML security flaws that let attackers bypass authentication and take over accounts. Urgent updates are required.
Two authentication-bypass flaws have been discovered in the widely used Ruby SAML library (ruby-saml), allowing an attacker who holds a single validly signed SAML message to hijack user accounts.
The high-severity vulnerabilities (CVE-2025-25291 and CVE-2025-25292) were uncovered by GitHub Security Lab and put millions of SSO (Single Sign-On) users of affected applications at risk.
The flaw lies in XML signature validation: ruby-saml parsed the same message with two different XML parsers, and a message crafted so that the two parsers disagree passes signature verification while the application reads an attacker-controlled, forged assertion. This lets the attacker log in as any user within an affected organization.
This could lead to large-scale data breaches, espionage, and financial fraud. Cybersecurity researcher Peter Stöckli of GitHub Security Lab stated:
With just one valid signature, an attacker can impersonate any user in an organization. This is a nightmare scenario for cloud security.
Affected versions are ruby-saml < 1.12.4 and 1.13.0 through 1.17.x; the fixed releases are 1.12.4 and 1.18.0. The issue arises from inconsistent XML parsing between REXML and Nokogiri: the library extracted the signature and digest values from the document with one parser but canonicalized and hashed the signed content using the other, so a signature wrapping attack that exploits a parsing difference between the two completely bypasses authentication. The attacker needs only one document signed with the identity provider's key, such as the response issued for their own legitimate login.
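The signature wrapping class of attack that such a parser differential enables is illustrated below with an added example (not code from ruby-saml or from GitHub Security Lab) of the structural checks a SAML consumer can run on a single parsed tree before signature verification. The samlp:Response documents are constructed for illustration, with placeholder signature values, and the checks assume the common deployment shape of one enveloped-signed Assertion directly under the Response:

```ruby
require "rexml/document"
require "rexml/xpath"

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML  = "urn:oasis:names:tc:SAML:2.0:assertion"
DS    = "http://www.w3.org/2000/09/xmldsig#"
NS    = { "samlp" => SAMLP, "saml" => SAML, "ds" => DS }.freeze

class WrappingError < StandardError; end

# Structural checks run on ONE parsed tree before (never instead of) the
# cryptographic verification of the signature. They reject the shapes that
# signature wrapping relies on: duplicate IDs, extra assertions, assertions
# moved out of place, and References that do not cover the assertion the
# application is about to trust. Returns the assertion's ID and NameID.
def checked_assertion(xml)
  doc  = REXML::Document.new(xml)
  root = doc.root
  unless root && root.name == "Response" && root.namespace == SAMLP
    raise WrappingError, "document root is not samlp:Response"
  end

  # 1. Every ID must be unique; a second element carrying the signed element's
  #    ID is the simplest way to make a Reference URI resolve to attacker content.
  ids = REXML::XPath.match(doc, "//@ID").map(&:value)
  raise WrappingError, "duplicate ID attributes" if ids.uniq.size != ids.size

  # 2. Exactly one Assertion anywhere in the tree, and it must be a direct
  #    child of the Response (not hidden inside Extensions or a ds:Object).
  assertions = REXML::XPath.match(doc, "//saml:Assertion", NS)
  raise WrappingError, "expected 1 Assertion, found #{assertions.size}" unless assertions.size == 1
  assertion = assertions.first
  raise WrappingError, "Assertion is not a direct child of Response" unless assertion.parent.equal?(root)

  # 3. The Assertion must carry an enveloped Signature whose single Reference
  #    points at the Assertion's own ID, so what is verified is what is used.
  sig = REXML::XPath.first(assertion, "ds:Signature", NS)
  raise WrappingError, "Assertion is unsigned" if sig.nil?
  refs = REXML::XPath.match(sig, "ds:SignedInfo/ds:Reference", NS)
  raise WrappingError, "expected 1 Reference, found #{refs.size}" unless refs.size == 1
  uri = refs.first.attributes["URI"].to_s
  own = "#" + assertion.attributes["ID"].to_s
  raise WrappingError, "Reference #{uri} does not cover Assertion #{own}" unless uri == own

  # 4. Any other Signature may only be the Response's own; a stray one means
  #    an originally signed element has been relocated.
  REXML::XPath.match(doc, "//ds:Signature", NS).each do |s|
    next if s.parent.equal?(root) || s.parent.equal?(assertion)
    raise WrappingError, "Signature in unexpected position"
  end

  name_id = REXML::XPath.first(assertion, "saml:Subject/saml:NameID", NS)
  { id: assertion.attributes["ID"], name_id: name_id.text.strip }
end

# Constructed sample messages (signature values are placeholders; this example
# checks structure, not cryptography).
def assertion_xml(id, name_id, ref_uri: "##{id}")
  <<~XML
    <saml:Assertion ID="#{id}">
      <ds:Signature xmlns:ds="#{DS}">
        <ds:SignedInfo><ds:Reference URI="#{ref_uri}"/></ds:SignedInfo>
        <ds:SignatureValue>placeholder</ds:SignatureValue>
      </ds:Signature>
      <saml:Subject><saml:NameID>#{name_id}</saml:NameID></saml:Subject>
    </saml:Assertion>
  XML
end

def response_xml(body)
  %(<samlp:Response xmlns:samlp="#{SAMLP}" xmlns:saml="#{SAML}" ID="_r1">#{body}</samlp:Response>)
end

# Legitimate response: one signed assertion for alice.
GOOD = response_xml(assertion_xml("_a1", "alice"))

# Wrapping attempt 1: the IdP-signed assertion is moved into Extensions and an
# unsigned forged assertion for admin is placed where the consumer looks.
WRAPPED = response_xml(
  "<samlp:Extensions>#{assertion_xml("_a1", "alice")}</samlp:Extensions>" \
  "<saml:Assertion ID=\"_evil\"><saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject></saml:Assertion>"
)

# Wrapping attempt 2: the forged assertion reuses the signed assertion's ID so
# that a naive lookup of "#_a1" may land on it.
DUP_ID = response_xml(
  "<samlp:Extensions>#{assertion_xml("_a1", "alice")}</samlp:Extensions>" \
  "#{assertion_xml("_a1", "admin")}"
)

# Wrapping attempt 3: a forged assertion whose Signature references a different
# element than the one it is attached to.
REF_MISMATCH = response_xml(assertion_xml("_evil", "admin", ref_uri: "#_a1"))

def rejected?(xml)
  checked_assertion(xml)
  false
rescue WrappingError
  true
end
```

These checks are defense in depth, not a substitute for the upgrade: the underlying bug was that the element whose digest was verified and the element the application read came from two different parsers' views of the same bytes, so the real remedy is to verify the signature and extract the assertion from one parsed tree, which the fixed releases do.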
GitLab, which relies on ruby-saml for its SAML SSO support, has released patched versions of its platform, warning that the flaw could lead to full system compromise. A Microsoft security expert emphasized:
If you're using Ruby SAML, update NOW. Every second you wait is a risk to your data.
Security experts urge organizations to update ruby-saml to version 1.12.4 (for the 1.12.x branch) or 1.18.0 immediately, including where the gem is pulled in indirectly through another dependency such as omniauth-saml. Unpatched deployments leave every account open to takeover.
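To find out whether a deployment falls inside the affected ranges, here is an added example (not part of the article or of ruby-saml itself) that reads the resolved ruby-saml version out of a Gemfile.lock and compares it against the published ranges using RubyGems' own version semantics. The lockfile excerpt is constructed for illustration; the other gem names and constraints in it are assumptions:

```ruby
require "rubygems"

# Ranges affected by CVE-2025-25291 / CVE-2025-25292 as published in the
# ruby-saml advisory: everything before 1.12.4, and 1.13.0 up to (but not
# including) the fixed 1.18.0.
VULNERABLE_RANGES = [
  Gem::Requirement.new("< 1.12.4"),
  Gem::Requirement.new(">= 1.13.0", "< 1.18.0"),
].freeze

def vulnerable?(version)
  v = Gem::Version.new(version)
  VULNERABLE_RANGES.any? { |req| req.satisfied_by?(v) }
end

# Resolved gem lines sit under "specs:" indented by exactly four spaces; the
# six-space lines beneath them are dependency constraints, not versions.
def resolved_version(lockfile, gem_name)
  m = lockfile.match(/^ {4}#{Regexp.escape(gem_name)} \(([0-9][^)]*)\)$/)
  m && m[1]
end

# Report presence, version, vulnerability status and the nearest fixed release.
def audit(lockfile)
  version = resolved_version(lockfile, "ruby-saml")
  return { present: false } if version.nil?
  fix = Gem::Version.new(version) < Gem::Version.new("1.13.0") ? "1.12.4" : "1.18.0"
  { present: true, version: version, vulnerable: vulnerable?(version), fix: fix }
end

# Constructed lockfile excerpt: ruby-saml arrives transitively via omniauth-saml.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.18.3)
      omniauth-saml (2.2.1)
        omniauth (~> 2.1)
        ruby-saml (~> 1.17)
      ruby-saml (1.17.0)
        nokogiri (>= 1.13.10)
        rexml
LOCK

puts audit(SAMPLE_LOCK).inspect
```

Replace `SAMPLE_LOCK` with `File.read("Gemfile.lock")` to audit a real application; the six-space `ruby-saml (~> 1.17)` constraint line is deliberately ignored because a constraint that permits 1.17.x says nothing about which version was actually resolved.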