csaf_certbund - wid-sec-w-2025-0841

wid-sec-w-2025-0841

Vulnerability from csaf_certbund

Published

2025-04-16 22:00

Modified

2025-05-08 22:00

Summary

IBM App Connect Enterprise: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszusp\u00e4hen oder seine Privilegien zu eskalieren",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0841 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0841.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0841 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0841"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-04-16",
        "url": "https://www.ibm.com/support/pages/node/7231056"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7232928 vom 2025-05-08",
        "url": "https://www.ibm.com/support/pages/node/7232928"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-05-08T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-09T07:44:26.369+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0841",
      "initial_release_date": "2025-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-05-08T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c13.0.3.0",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c13.0.3.0",
                  "product_id": "T042961"
                }
              },
              {
                "category": "product_version",
                "name": "13.0.3.0",
                "product": {
                  "name": "IBM App Connect Enterprise 13.0.3.0",
                  "product_id": "T042961-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.0.12.13",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c12.0.12.13",
                  "product_id": "T042962"
                }
              },
              {
                "category": "product_version",
                "name": "12.0.12.13",
                "product": {
                  "name": "IBM App Connect Enterprise 12.0.12.13",
                  "product_id": "T042962-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c12.11.0",
                "product": {
                  "name": "IBM App Connect Enterprise \u003c12.11.0",
                  "product_id": "T043525"
                }
              },
              {
                "category": "product_version",
                "name": "12.11.0",
                "product": {
                  "name": "IBM App Connect Enterprise 12.11.0",
                  "product_id": "T043525-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:app_connect_enterprise:12.11.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "App Connect Enterprise"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-57965",
      "product_status": {
        "known_affected": [
          "T042961",
          "T042962",
          "T043525"
        ]
      },
      "release_date": "2025-04-16T22:00:00.000+00:00",
      "title": "CVE-2024-57965"
    },
    {
      "cve": "CVE-2025-27152",
      "product_status": {
        "known_affected": [
          "T042961",
          "T042962",
          "T043525"
        ]
      },
      "release_date": "2025-04-16T22:00:00.000+00:00",
      "title": "CVE-2025-27152"
    },
    {
      "cve": "CVE-2025-29774",
      "product_status": {
        "known_affected": [
          "T042961",
          "T042962",
          "T043525"
        ]
      },
      "release_date": "2025-04-16T22:00:00.000+00:00",
      "title": "CVE-2025-29774"
    },
    {
      "cve": "CVE-2025-29775",
      "product_status": {
        "known_affected": [
          "T042961",
          "T042962",
          "T043525"
        ]
      },
      "release_date": "2025-04-16T22:00:00.000+00:00",
      "title": "CVE-2025-29775"
    }
  ]
}

CVE-2025-29775 (GCVE-0-2025-29775)

Vulnerability from cvelistv5

Published

2025-03-14 17:11

Modified

2025-03-15 20:45

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Summary

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.

References

►

URL

Tags

	https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3	x_refsource_CONFIRM
	https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	node-saml	xml-crypto	Version: >= 4.0.0, < 6.0.1 Version: >= 3.0.0, < 3.2.1 Version: < 2.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29775",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:24:28.395551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:24:53.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-15T20:45:45.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://workos.com/blog/samlstorm"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xml-crypto",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 6.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.2.1"
            },
            {
              "status": "affected",
              "version": "\u003c 2.1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T17:11:05.590Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
        }
      ],
      "source": {
        "advisory": "GHSA-x3m8-899r-f7c3",
        "discovery": "UNKNOWN"
      },
      "title": "xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29775",
    "datePublished": "2025-03-14T17:11:05.590Z",
    "dateReserved": "2025-03-11T14:23:00.474Z",
    "dateUpdated": "2025-03-15T20:45:45.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-57965 (GCVE-0-2024-57965)

Vulnerability from cvelistv5

Published

2025-01-29 00:00

Modified

2025-01-29 14:14

Severity ?

0.0 (None) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N

CWE

CWE-346 - Origin Validation Error

Summary

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.

References

►

URL

Tags

	https://github.com/axios/axios/issues/6351
	https://github.com/axios/axios/releases/tag/v1.7.8
	https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db
	https://github.com/axios/axios/pull/6714

Impacted products

	Vendor	Product	Version
	axios	axios	Version: 0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-57965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T14:14:16.313627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T14:14:23.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "lessThan": "1.7.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.7.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute(\u0027href\u0027,href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 0,
            "baseSeverity": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346 Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T09:09:06.421Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/axios/axios/issues/6351"
        },
        {
          "url": "https://github.com/axios/axios/releases/tag/v1.7.8"
        },
        {
          "url": "https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db"
        },
        {
          "url": "https://github.com/axios/axios/pull/6714"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-57965",
    "datePublished": "2025-01-29T00:00:00.000Z",
    "dateReserved": "2025-01-29T00:00:00.000Z",
    "dateUpdated": "2025-01-29T14:14:23.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27152 (GCVE-0-2025-27152)

Vulnerability from cvelistv5

Published

2025-03-07 15:13

Modified

2025-03-07 19:32

Severity ?

7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.

References

►

URL

Tags

	https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6	x_refsource_CONFIRM
	https://github.com/axios/axios/issues/6463	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	axios	axios	Version: < 1.8.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27152",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T19:32:00.779211Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T19:32:17.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if \u2060baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T15:13:15.155Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
        },
        {
          "name": "https://github.com/axios/axios/issues/6463",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/issues/6463"
        }
      ],
      "source": {
        "advisory": "GHSA-jr5f-v2jv-69x6",
        "discovery": "UNKNOWN"
      },
      "title": "Possible SSRF and Credential Leakage via Absolute URL in axios Requests"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27152",
    "datePublished": "2025-03-07T15:13:15.155Z",
    "dateReserved": "2025-02-19T16:30:47.779Z",
    "dateUpdated": "2025-03-07T19:32:17.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-29774 (GCVE-0-2025-29774)

Vulnerability from cvelistv5

Published

2025-03-14 17:05

Modified

2025-03-15 20:50

Severity ?

9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Summary

xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.

References

►

URL

Tags

	https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g	x_refsource_CONFIRM
	https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1	x_refsource_MISC
	https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	node-saml	xml-crypto	Version: >= 4.0.0, < 6.0.1 Version: >= 3.0.0, < 3.2.1 Version: < 2.1.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29774",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-14T18:36:19.111763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T18:40:50.828Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-15T20:50:21.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://workos.com/blog/samlstorm"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xml-crypto",
          "vendor": "node-saml",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 6.0.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.2.1"
            },
            {
              "status": "affected",
              "version": "\u003c 2.1.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-14T17:05:53.943Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
        },
        {
          "name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
        }
      ],
      "source": {
        "advisory": "GHSA-9p8x-f768-wp2g",
        "discovery": "UNKNOWN"
      },
      "title": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-29774",
    "datePublished": "2025-03-14T17:05:53.943Z",
    "dateReserved": "2025-03-11T14:23:00.474Z",
    "dateUpdated": "2025-03-15T20:50:21.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-0841

Vulnerability from csaf_certbund

CVE-2025-29775 (GCVE-0-2025-29775)

Vulnerability from cvelistv5

CVE-2024-57965 (GCVE-0-2024-57965)

Vulnerability from cvelistv5

CVE-2025-27152 (GCVE-0-2025-27152)

Vulnerability from cvelistv5

CVE-2025-29774 (GCVE-0-2025-29774)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature