Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Mendix SAML (Mendix 10.12 compatible)

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2025-40758
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.7||HIGH
EPSS-0.01% / 1.52%
||
7 Day CHG-0.00%
Published-14 Aug, 2025 | 15:06
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.

Action-Not Available
Vendor-Siemens AG
Product-Mendix SAML (Mendix 9.24 compatible)Mendix SAML (Mendix 10.12 compatible)Mendix SAML (Mendix 10.21 compatible)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature