Linux Distros Unpatched Vulnerability : CVE-2020-5225

🗓️ 18 Aug 2025 00:00:00Reported by TenableType

Linux CVE-2020-5225 SimpleSAMLphp pre 1.18.4 log injection via errorreport.php from unsanitized ID

Reporter	Title	Published	Views	Family All 14
CNVD	SimpleSAMLphp Log Message Disclosure Vulnerability	19 Feb 202000:00	–	cnvd
CVE	CVE-2020-5225	24 Jan 202020:55	–	cve
Cvelist	CVE-2020-5225 Log injection in SimpleSAMLphp	24 Jan 202020:55	–	cvelist
Debian CVE	CVE-2020-5225	24 Jan 202020:55	–	debiancve
EUVD	EUVD-2020-0249	7 Oct 202500:30	–	euvd
Github Security Blog	Log injection in SimpleSAMLphp	24 Jan 202021:26	–	github
NVD	CVE-2020-5225	24 Jan 202021:15	–	nvd
OSV	DEBIAN-CVE-2020-5225	24 Jan 202021:15	–	osv
OSV	GHSA-6GC6-M364-85WW Log injection in SimpleSAMLphp	24 Jan 202021:26	–	osv
OSV	UBUNTU-CVE-2020-5225	24 Jan 202021:15	–	osv

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2020-5225
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(250611);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/18");

  script_cve_id("CVE-2020-5225");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2020-5225");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error
    reports and sends them via email to the system administrator, did not properly sanitize the report
    identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new
    log lines by manually crafting this report ID. When configured to use the file logging handler,
    SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID
    parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to
    inject newline characters into it, effectively allowing a malicious user to inject new log lines with
    arbitrary content. (CVE-2020-5225)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2020-5225");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-5225");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:simplesamlphp");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "simplesamlphp"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "simplesamlphp"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

18 Aug 2025 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.4 - 5.4

CVSS 25.5

EPSS0.00173