GHSA-5j8p-438x-rgg5: SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475
Summary
There is a critical vulnerability in xmlseclibs (CVE-2025-66475, GHSA-c4cc-x928-vjw9), a dependency of php-saml.
Update to php-saml 2.21.1, 3.8.1 or 4.3.1, whichever matches the major version you are on; these releases force the use of patched versions of xmlseclibs.
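A check a practitioner would want at this point, added here as an example and not part of the advisory or of the php-saml project: audit a composer.lock for onelogin/php-saml (the Composer package name of php-saml) against the fixed releases named above, per major branch. The composer.lock fragment is constructed for the example. Because this page does not name the fixed xmlseclibs release, the script only reports the locked robrichards/xmlseclibs version for comparison with GHSA-c4cc-x928-vjw9 rather than judging it.

```python
import json
import re

# Fixed php-saml releases named in the advisory, one per supported major branch.
FIXED_PHP_SAML = {2: (2, 21, 1), 3: (3, 8, 1), 4: (4, 3, 1)}

# Constructed composer.lock fragment (not a real project's lock file),
# pinning a pre-fix php-saml so the audit has something to flag.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "onelogin/php-saml", "version": "v4.2.0"},
        {"name": "robrichards/xmlseclibs", "version": "3.1.2"},
        {"name": "symfony/polyfill-mbstring", "version": "v1.29.0"},
    ],
    "packages-dev": [],
})


def parse_version(version):
    """Parse 'v4.2.0' / '4.2.0' into (4, 2, 0); return None for dev-* or odd strings."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def locked_version(lock_json, package):
    """Return the locked version string of `package` from composer.lock JSON, or None."""
    data = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == package:
                return pkg.get("version")
    return None


def php_saml_status(version_str):
    """'fixed' if at/after the patched release of its major branch, 'vulnerable' if
    before it, 'unknown' for unparsable versions or majors the advisory does not list."""
    v = parse_version(version_str)
    if v is None:
        return "unknown"
    fixed = FIXED_PHP_SAML.get(v[0])
    if fixed is None:
        return "unknown"  # major branch not covered by the advisory
    return "fixed" if v >= fixed else "vulnerable"


def audit_lock(lock_json):
    """Return (package, locked version, status) for onelogin/php-saml."""
    ver = locked_version(lock_json, "onelogin/php-saml")
    if ver is None:
        return ("onelogin/php-saml", None, "not-installed")
    return ("onelogin/php-saml", ver, php_saml_status(ver))


if __name__ == "__main__":
    # Run against the constructed lock; pass a real file's contents in practice.
    print(audit_lock(SAMPLE_LOCK))
    xmlsec = locked_version(SAMPLE_LOCK, "robrichards/xmlseclibs")
    print("robrichards/xmlseclibs locked at", xmlsec,
          "(compare against GHSA-c4cc-x928-vjw9)")
```

Run it against `composer.lock` at the project root (or the lock file inside a deployment artefact); a result of `vulnerable` means the upgrade above has not reached that deployment, and `unknown` for a `dev-*` version means the commit has to be checked by hand.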
Impact
XML Signature Wrapping vulnerabilities allow an attacker to impersonate a user: a crafted SAML response passes signature verification while the assertion the service provider actually consumes is attacker-controlled and was never signed.
References
- github.com/SAML-Toolkits/php-saml
- github.com/SAML-Toolkits/php-saml/releases/tag/2.21.1
- github.com/SAML-Toolkits/php-saml/releases/tag/3.8.1
- github.com/SAML-Toolkits/php-saml/releases/tag/4.3.1
- github.com/SAML-Toolkits/php-saml/security/advisories/GHSA-5j8p-438x-rgg5
- github.com/advisories/GHSA-5j8p-438x-rgg5
- github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9