NVD Vulnerability Details: CVE-2025-29775
Received
Source: security-advisories@github.com
Published At: 14 Mar, 2025 | 18:15
Updated At: 15 Mar, 2025 | 21:15

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weaknesses
CWE ID: CWE-347
Type: Secondary
Source: security-advisories@github.com
References
Hyperlink: https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://workos.com/blog/samlstorm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0 changes found