202501-01

Signature bypass vulnerability

Description

An attacker could fabricate a SAML Response and the Service Provider would accept it, due to a bug in the libxml2-library.

Mitigation:

Update to the latest version of SimpleSAMLphp, or manually bump the robrichards/xmlseclibs dependency to v3.1.4

Background / details

https://portswigger.net/research/the-fragile-lock#golden-saml-response

Credit

This vulnerability was discovered and reported by d0ge on December 2, 2025. It is registered under CVE-2025-66475.