Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Terraform Enterprise’s Single Sign-On and Ruby SAML’s CVE-2025-25291 and CVE-2025-25292

🗓️ 13 Mar 2025 23:20:50Reported by HashiCorp Security TeamType 
hashicorp
 hashicorp🔗 discuss.hashicorp.com👁 2 Views

Terraform Enterprise SSO uses Ruby SAML; upgrade to v202502-2+ to fix CVE 2025-25291/92 and CVE 2025-25293.

Related
ReporterTitlePublishedViews
Family
FreeBSD		Gitlab -- Vulnerabilities
12 Mar 202500:00
freebsd
BDU FSTEC		The vulnerability in the implementation of the SAML SSO protocol for the Ruby SAML library and the git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.
17 Mar 202500:00
bdu_fstec
BDU FSTEC		The vulnerability of the SAML SSO library in Ruby SAML and the Git-based software platform for collaborative code development on GitLab CE/EE allows a perpetrator to bypass authentication.
17 Mar 202500:00
bdu_fstec
BDU FSTEC		The vulnerability of the SAML SSO library in Ruby allows a attacker to trigger a service failure.
1 Apr 202500:00
bdu_fstec
Circl		CVE-2025-25291
12 Mar 202520:07
circl
Circl		CVE-2025-25292
12 Mar 202520:07
circl
Circl		CVE-2025-25293
12 Mar 202520:42
circl
CNNVD		OneLogin ruby-saml 安全漏洞
12 Mar 202500:00
cnnvd
CNNVD		OneLogin ruby-saml 安全漏洞
12 Mar 202500:00
cnnvd
CNNVD		OneLogin ruby-saml 安全漏洞
12 Mar 202500:00
cnnvd
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Mar 2025 23:20Current
7High risk
Vulners AI Score7
CVSS 3.19.8
CVSS 49.3
EPSS0.63792
SSVC
Terraform EnterpriseSingle Sign OnRuby SAMLXml signature wrappingVulnerability fixes
2