CVE-2025-27509: Fleet has SAML authentication vulnerability due to improper SAML response validation
A vulnerability in Fleet’s SAML authentication handling could allow an attacker to forge authentication assertions and gain unauthorized access to Fleet. In certain configurations, this could result in the creation of new user accounts, including administrative accounts. This issue affects Fleet deployments using single sign-on (SSO).
References
- github.com/advisories/GHSA-52jx-g6m5-h735
- github.com/fleetdm/fleet
- github.com/fleetdm/fleet/commit/718c95e47ad010ad6b8ceb3f3460e921fbfc53bb
- github.com/fleetdm/fleet/releases/tag/fleet-v4.64.2
- github.com/fleetdm/fleet/security/advisories/GHSA-52jx-g6m5-h735
- nvd.nist.gov/vuln/detail/CVE-2025-27509
- pkg.go.dev/vuln/GO-2025-3505