Critical ruby-saml Vulnerabilities Allow Attackers to Bypass Authentication

A critical security vulnerability has been identified in the ruby-saml library, a popular tool used for Single Sign-On (SSO) via Security Assertion Markup Language (SAML) on the service provider side.

The vulnerabilities, designated as CVE-2025-25291 and CVE-2025-25292, allow attackers to bypass authentication and conduct account takeover attacks if they possess a valid signature created with the targeted organization’s key.

The ruby-saml library is widely used in various applications and products, including notable projects like GitLab.

While GitHub does not currently use this library for authentication, the platform recently evaluated its adoption following the discovery of vulnerabilities in its own SAML implementation.

This decision to reassess ruby-saml was prompted after a significant authentication bypass flaw was disclosed in October 2024 (CVE-2024-45409).

Background and Discovery

The vulnerabilities were discovered during a comprehensive security review by GitHub’s Security Lab and bug bounty researchers.

The review was initiated after GitHub decided to ...