Critical authentication bypass flaw reported in Samlify Node.js library
Take action: If you are using the Samlify SSO library, it is time for an urgent update. The exploit scenario is trivial once an attacker has obtained a signed XML document, which isn't that difficult. Think malicious insiders, compromised laptops, or even leaking IdPs. Don't ignore this one.
A critical security vulnerability has been discovered in samlify, a widely used Node.js library for implementing SAML 2.0 Single Sign-On (SSO) functionality.
Samlify is a high-level authentication library that helps developers integrate SAML SSO and Single Log-Out (SLO) functionality into Node.js applications. The library has over 200,000 weekly downloads on npm and is used across various sectors, including enterprise applications, cloud services (SaaS), federated identity management systems, and developer tools.
The vulnerability is tracked as CVE-2025-47949 (CVSS score 9.9) and allows attackers to completely bypass authentication mechanisms and impersonate any user, including administrators, through a signature wrapping attack.
The issue is caused by improper verification of cryptographic signatures relative to the content that is actually parsed. The signature validation passes because it references the original, valid portion of the document, but the library then extracts user identity information from the attacker-controlled, unsigned section.
The attack follows this sequence:
- Obtaining a legitimate signed XML document: Attackers first acquire a validly signed XML document from an Identity Provider (IdP), which can be obtained through man-in-the-middle attacks, browser compromise, or publicly available IdP metadata. In the example below, the attacker gets a real SAML response for the user "bob@company.com".
- Crafting malicious SAML responses: The attacker manipulates the legitimate signed document by inserting a second, malicious SAML assertion containing the identity of a target user (such as an administrator). The signed document is wrapped with fake admin data:

```xml
<Response>
  <!-- FAKE (unsigned) -->
  <Assertion ID="fake">
    <User>admin@company.com</User>
    <Role>Administrator</Role>
  </Assertion>
  <!-- REAL (signed by IdP) -->
  <Assertion ID="real">
    <Signature>Valid signature for bob@company.com</Signature>
    <User>bob@company.com</User>
    <Role>Employee</Role>
  </Assertion>
</Response>
```

- Sending the crafted response to the company portal.
- Exploiting the parsing flaw: The vulnerable samlify library correctly validates the original signature but incorrectly processes the unsigned, malicious assertion during XML parsing.
The end result is a complete authentication bypass, allowing unauthorized remote attackers to impersonate any user in the system.
Users are advised to upgrade immediately to samlify version 2.10.0 or later and to review authentication logs for any suspicious activity that might indicate exploitation attempts.
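The mismatch between what is signed and what is consumed, as an added example that is not samlify's code: a simplified Python model, using only the standard library, of the vulnerable extraction beside a hardened one that resolves the signature's Reference URI itself and reads identity only from that element. The XML sample is constructed, the cryptographic check over the signature is assumed to have already passed, and the element and attribute names are simplified stand-ins for the real SAML and XML-DSig ones.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the simplified shape sketched above: an unsigned
# "fake" assertion inserted ahead of the IdP-signed "real" one. The <Signature>
# block is a stand-in for XML-DSig; the cryptographic check over it is assumed
# to have already passed, which is exactly the situation the flaw exploits.
WRAPPED_RESPONSE = """<Response>
  <Assertion ID="fake">
    <Subject>admin@company.com</Subject>
    <Role>Administrator</Role>
  </Assertion>
  <Assertion ID="real">
    <Signature><SignedInfo><Reference URI="#real"/></SignedInfo></Signature>
    <Subject>bob@company.com</Subject>
    <Role>Employee</Role>
  </Assertion>
</Response>"""


def identity_vulnerable(xml):
    """Flawed pattern: trust the signature result, then read the first Assertion."""
    root = ET.fromstring(xml)
    return root.find(".//Assertion/Subject").text


def identity_hardened(xml):
    """Bind identity extraction to the element the signature actually covers."""
    root = ET.fromstring(xml)
    ref = root.find(".//Signature/SignedInfo/Reference")
    if ref is None:
        raise ValueError("response carries no signature reference")
    uri = ref.get("URI", "")
    if not uri.startswith("#"):
        raise ValueError("only same-document references are accepted")
    signed_id = uri[1:]
    # Resolve the referenced ID ourselves instead of taking "any" Assertion;
    # a duplicated ID is treated as tampering rather than resolved to the first hit.
    matches = [a for a in root.iter("Assertion") if a.get("ID") == signed_id]
    if len(matches) != 1:
        raise ValueError("signed assertion ID must resolve to exactly one element")
    signed = matches[0]
    # The enveloped signature must sit inside the assertion it vouches for.
    if signed.find("Signature") is None:
        raise ValueError("signature is not enveloped in the referenced assertion")
    return signed.find("Subject").text
```

A stricter policy additionally rejects any response carrying more than one Assertion, which removes this wrapping shape regardless of which element a parser happens to return first.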
It's important to note that while GitHub may still show version 2.9.1 as the latest release, npm hosts the secure version 2.10.0. Organizations should ensure they are updating from the correct package repository.