CVE-2025-47949 – Samlify SAML Response Signature Wrapping Vulnerability

CVE ID : CVE-2025-47949

Published : May 19, 2025, 8:15 p.m. | 53 minutes ago

Description : samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…