{ "schema_version": "1.4.0", "id": "GHSA-9p8x-f768-wp2g", "modified": "2025-03-16T21:34:47Z", "published": "2025-03-14T17:14:23Z", "aliases": [ "CVE-2025-29774" ], "summary": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References", "details": "# Impact\nAn attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user.\n\n# Patches\nAll versions <= 6.0.0 are affected. Please upgrade to version 6.0.1.\n\nIf you are still using v2.x or v3.x please upgrade to the associated patch version.\n\n# Indicators of Compromise\n\nWhen logging XML payloads, check for the following indicators. If the payload includes encrypted elements, ensure you analyze the decrypted version for a complete assessment. (If encryption is not used, analyze the original XML document directly). This applies to various XML-based authentication and authorization flows, such as SAML Response payloads.\n\n### Multiple SignedInfo Nodes\nThere should not be more than one SignedInfo node inside a Signature. If you find multiple SignedInfo nodes, it could indicate an attack.\n\n```xml\n\n \n \n \n forgeddigestvalue\n \n \n \n \n \n realdigestvalue\n \n \n \n\n```\n\n### Code to test\n\nPass in the decrypted version of the document\n```js\ndecryptedDocument = ... // yours to implement\n\n// This check is per-Signature node, not per-document\nconst signedInfoNodes = xpath.select(\".//*[local-name(.)='SignedInfo']\", signatureNode);\n\nif (signedInfoNodes.length === 0) {\n // Not necessarily a compromise, but invalid. Should contain exactly one SignedInfo node\n // Yours to implement\n}\n\nif (signedInfoNodes.length > 1) {\n // Compromise detected, yours to implement\n}\n```", "severity": [ { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" } ], "affected": [ { "package": { "ecosystem": "npm", "name": "xml-crypto" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "4.0.0" }, { "fixed": "6.0.1" } ] } ] }, { "package": { "ecosystem": "npm", "name": "xml-crypto" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "3.0.0" }, { "fixed": "3.2.1" } ] } ] }, { "package": { "ecosystem": "npm", "name": "xml-crypto" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.6" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07" }, { "type": "PACKAGE", "url": "https://github.com/node-saml/xml-crypto" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1" }, { "type": "WEB", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1" }, { "type": "WEB", "url": "https://workos.com/blog/samlstorm" } ], "database_specific": { "cwe_ids": [ "CWE-347" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-03-14T17:14:23Z", "nvd_published_at": "2025-03-14T17:15:52Z" } }