The open-source library ruby-saml has been hit by a pair of high-severity flaws, tracked as CVE-2025-25291 and CVE-2025-25292, which could be exploited to bypass Security Assertion Markup Language (SAML) authentication and take over accounts, The Hacker News reports.

Both vulnerabilities, which have already been addressed in new ruby-saml versions, stem from the library using two different XML parsers, REXML and Nokogiri, in the verification path: hash (digest) verification and signature verification operated on separately parsed views of the same document, and the two parsers can disagree about that document's structure, according to findings from the GitHub Security Lab.

"Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user," said researcher Peter Stöckli.

Updates have also been released by GitLab to fix the security issues in Community Edition and Enterprise Edition instances.
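The failure mode described above, as an added example that is not code from ruby-saml, GitHub Security Lab or GitLab: a verifier that checks the digest and signature on one parsed view of a SAML Response but reads the login identity from a second view accepts a forged assertion as long as the legitimately signed one is still present, byte for byte, somewhere in the document. To run on the Ruby standard library alone, the example makes two substitutions, both assumptions of this example: an HMAC over the referenced element plays the role of the IdP's XML-DSig signature (the "single valid signature" the attacker already holds), and a crude regex over the raw bytes plays the role of the second parser, so the real REXML/Nokogiri disagreement and the actual exploit documents are not reproduced here, only the shape of the mistake. The element names, IDs and the `IDP_KEY` constant are all constructed for the example.

```ruby
require 'rexml/document'
require 'openssl'
require 'digest'

# Constructed stand-in for the IdP's signing key. Real SAML uses XML-DSig with an
# asymmetric key pair; an HMAC is enough here to model "a valid signature the
# attacker already possesses".
IDP_KEY = 'constructed-example-idp-key'.freeze

# The digest is taken over REXML's own serialization of the referenced element,
# standing in for XML canonicalization (C14N).
def element_digest(element)
  Digest::SHA256.hexdigest(element.to_s)
end

# IdP side: sign one assertion and wrap it in a Response that carries the
# signature plus a Reference (by ID) to the element the digest covers.
def build_signed_response(assertion_xml)
  assertion = REXML::Document.new(assertion_xml).root
  digest = element_digest(assertion)
  signature = OpenSSL::HMAC.hexdigest('SHA256', IDP_KEY, digest)
  '<Response><Signature>' \
    "<Reference URI=\"##{assertion.attributes['ID']}\"/>" \
    "<DigestValue>#{digest}</DigestValue>" \
    "<SignatureValue>#{signature}</SignatureValue>" \
    "</Signature>#{assertion_xml}</Response>"
end

# Attacker side: the signed assertion is kept byte-for-byte (so digest and
# signature still verify) and a forged assertion is placed in front of it.
def wrap_forged_assertion(signed_response, forged_assertion_xml)
  signed_response.sub('<Assertion ', "#{forged_assertion_xml}<Assertion ")
end

# Shared verification: check the signature over the digest, resolve the Reference
# in ONE parsed tree, and check that element's digest. Returns the element the
# signature actually covers, or nil on any failure.
def referenced_element(doc)
  ref = REXML::XPath.first(doc, '/Response/Signature/Reference')
  digest = REXML::XPath.first(doc, '/Response/Signature/DigestValue')&.text
  signature = REXML::XPath.first(doc, '/Response/Signature/SignatureValue')&.text
  uri = ref && ref.attributes['URI']
  return nil unless uri && digest && signature
  # Restrict the ID to NCName-like characters before interpolating it into XPath.
  return nil unless uri.match?(/\A\#[A-Za-z_][\w.-]*\z/)
  expected = OpenSSL::HMAC.hexdigest('SHA256', IDP_KEY, digest)
  return nil unless OpenSSL.secure_compare(expected, signature)
  targets = REXML::XPath.match(doc, "//*[@ID='#{uri[1..]}']")
  return nil unless targets.size == 1
  element = targets.first
  return nil unless OpenSSL.secure_compare(element_digest(element), digest)
  element
end

# Vulnerable pattern: signature and digest are verified on one view of the
# document, but the identity that decides the login is read from a second,
# independent view. The regex below is a deliberately crude stand-in for the
# second parser; it is not the REXML/Nokogiri disagreement reported by GitHub
# Security Lab, only the same shape of mistake.
def verify_unsafe(response_xml)
  doc = REXML::Document.new(response_xml)
  return nil unless referenced_element(doc)
  first_assertion = response_xml[%r{<Assertion\b.*?</Assertion>}m]
  return nil unless first_assertion
  REXML::Document.new(first_assertion).root.elements['NameID']&.text
end

# Hardened pattern: the identity comes from the exact node whose digest was
# verified, and a Response carrying more than one Assertion is rejected outright.
def verify_hardened(response_xml)
  doc = REXML::Document.new(response_xml)
  assertion = referenced_element(doc)
  return nil unless assertion && assertion.name == 'Assertion'
  return nil unless REXML::XPath.match(doc, '//Assertion').size == 1
  assertion.elements['NameID']&.text
end

if __FILE__ == $PROGRAM_NAME
  legit = build_signed_response('<Assertion ID="_legit"><NameID>alice@example.com</NameID></Assertion>')
  forged = wrap_forged_assertion(legit, '<Assertion ID="_evil"><NameID>admin@example.com</NameID></Assertion>')
  puts "unsafe,   legit:  #{verify_unsafe(legit).inspect}"
  puts "unsafe,   forged: #{verify_unsafe(forged).inspect}"
  puts "hardened, legit:  #{verify_hardened(legit).inspect}"
  puts "hardened, forged: #{verify_hardened(forged).inspect}"
end
```

The digest and signature checks pass on the forged Response in both verifiers, because the signed assertion is untouched; what differs is where the user identity is taken from. Rejecting any Response with more than one Assertion is a policy choice on top of the structural fix, and none of this is a substitute for upgrading ruby-saml to the patched versions.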
Account hijacking possible with ruby-saml library bugs
