Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabil...

By Sonic Mustang · March 16, 2026 · 1 min read

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

security
vulnerability research
authentication
github security lab
ruby

Source: The GitHub Blog

Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.