Summary There is a critical vulnerability on xmlseclibs CVE-2025-66475, a dependency of php-saml Update to the following versions of php-saml which forces the use of patched versions of xmlseclibs: 2.21.1 3.8.1 4.3.1 Impact Signature Wrapping Vulnerabilities allows an attacker to impersonate a user.
In order to verify Signatures on Logoutrequests and LogoutResponses we use the verifySignature of the class XMLSecurityKey from the xmlseclibs library. That method end up calling openssl_verify() depending on the signature algorithm used. The openssl_verify() function returns 1 when the signature was successfully verified, 0 if it failed to verify with the given key, and -1 in case an error occurs. PHP allows translating numerical values to boolean implicitly, with …
An error during signature verification can be treated as a successful verification.
An error during signature verification can be treated as a successful verification.
Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.