Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/20 7:20 p.m.10 views

CVE-2025-24895

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the...

9.1CVSS6.7AI score0.0056EPSS
Exploits0References1
NVD
NVD
added 2025/02/18 7:15 p.m.39 views

CVE-2025-24895

CIE.AspNetCore.Authentication is an AspNetCore Remote Authenticator for CIE 3.0. Authentication using Spid and CIE is based on the SAML2 standard which provides two entities: 1. Identity Provider IDP: the system that authenticates users and provides identity information SAML affirmation to the...

9.1CVSS0.0056EPSS
Exploits0References1
CVE
CVE
added 2025/02/18 6:39 p.m.158 views

CVE-2025-24895

CVE-2025-24895 describes a SAML signature verification bypass in the CIE.AspNetCore.Authentication SP component for SPID/CIE. The issue arises because the first signature in a SAML response is not guaranteed to refer to the root object; an attacker could inject an item signed as the first element...

9.1CVSS7.1AI score0.0056EPSS
Exploits0References1
Circl
Circl
added 2025/02/17 1:25 p.m.23 views

CVE-2025-24895

creationtimestamp| type| source ---|---|--- 2025-02-17 13:25:42+00:00| published-proof-of-concept| https://github.com/italia/cie-aspnetcore/security/advisories/GHSA-vq63-8f72-f486 2025-02-18 19:16:19+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lihxwvee2w2n 2025-02-18...

9.1CVSS7.3AI score0.0056EPSS
Exploits0References6
Rows per page
Query Builder