Critical Vulnerability Information

Vulnerability Description

Vulnerability Name: SAML authentication bypass due to namespace handling (parser differential)
Severity: Critical (9.3/10)

Affected Versions

Affected Versions: = 1.18.0

Vulnerability Summary

In ruby-saml up to and including version 1.12.4, there is an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. REXML and Nokogiri parse XML differently, and the two parsers can generate entirely different document structures from the same XML input. This allows an attacker to execute a Signature Wrapping attack. The vulnerability does not affect version 1.18.0.

Impact

This enables an attacker to perform a Signature Wrapping attack and bypass authentication.

CVSS v4 Base Metrics

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None
Subsequent System Impact: None

CVE ID

CVE-2025-66567

Weakness

CWE ID: CWE-347

Acknowledgments

Reporter: d0ge
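
Added example (not part of the advisory and not ruby-saml project code): a check that reads a Gemfile.lock and reports whether the locked ruby-saml version is below 1.18.0, the version the summary states is not affected. The lockfile text and the other gems' versions are constructed sample data, and reporting every version below 1.18.0 is an assumption of this example.

```ruby
require "rubygems"

# The advisory summary names 1.18.0 as the version that is not affected.
FIXED_VERSION = Gem::Version.new("1.18.0")

# Constructed sample lockfile (versions of the other gems are made up).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.15.4)
        racc (~> 1.4)
      omniauth-saml (2.1.0)
        ruby-saml (~> 1.12)
      racc (1.7.1)
      rexml (3.2.6)
      ruby-saml (1.12.4)
        nokogiri (>= 1.13.10)
        rexml

  DEPENDENCIES
    omniauth-saml
LOCK

# Resolved specs sit at exactly four spaces of indent; the six-space lines
# under them are dependency constraints and must not be read as versions.
def locked_version_string(lockfile_text, gem_name)
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Assumption of this example: any locked version below 1.18.0 is reported,
# including pre-releases such as 1.18.0.rc1 (they sort below the release).
def audit_ruby_saml(lockfile_text)
  raw = locked_version_string(lockfile_text, "ruby-saml")
  return { status: :not_present } if raw.nil?

  version = Gem::Version.new(raw)
  status = version < FIXED_VERSION ? :upgrade_required : :ok
  { status: status, version: raw }
rescue ArgumentError
  # Locked version string that RubyGems cannot parse: surface it, do not pass.
  { status: :unparseable, version: raw }
end

puts audit_ruby_saml(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

The check reads the resolved version, so it also catches ruby-saml pulled in transitively, as through the omniauth-saml entry in the sample.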