CVE-2025-54982 PUBLISHED

SAML 2.0 Public Key Validation Issue

Assigner: Zscaler
Reserved: 2025-08-04
Published: 2025-08-05
Updated: 2025-08-19

Improper verification of the cryptographic signature on SAML 2.0 messages in the server-side SAML authentication mechanism of Zscaler's Authentication Server allowed authentication abuse (CWE-347). All versions before 6.2r are affected. The CVSS 3.1 vector rates the issue as exploitable over the network with low privileges and no user interaction, with a scope change and high confidentiality and integrity impact.
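The record identifies the weakness only as CWE-347 in the SAML signature check ("public key validation issue"); it does not say how the check failed. The Go program below is an added illustration of that weakness class in a SAML-like setting. It is not Zscaler's code and not a reconstruction of this CVE. It deliberately simplifies XML-DSig to an RSA-PKCS#1 v1.5 signature over the raw assertion bytes (real SAML signs a canonicalized <saml:Assertion>), and the type and function names (SignedAssertion, sign, vulnerableVerify, hardenedVerify, Demo) and the sample assertion are all hypothetical. It contrasts a verifier that takes the signing key from the message itself, so any signer's key "validates", with one that verifies only against the identity-provider key configured out of band.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// SignedAssertion is a hypothetical, simplified stand-in for a signed SAML
// assertion. Real SAML signs a canonicalized <saml:Assertion> with XML-DSig;
// here the assertion is an opaque byte string signed with RSA-PKCS#1 v1.5 over
// SHA-256. KeyInfoDER plays the role of <ds:KeyInfo>: a public key the sender
// chose to embed in the message.
type SignedAssertion struct {
	Assertion  []byte
	Signature  []byte
	KeyInfoDER []byte
}

// sign produces an assertion signed with key and embeds key's public half.
func sign(assertion []byte, key *rsa.PrivateKey) (SignedAssertion, error) {
	digest := sha256.Sum256(assertion)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return SignedAssertion{}, err
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return SignedAssertion{}, err
	}
	return SignedAssertion{Assertion: assertion, Signature: sig, KeyInfoDER: der}, nil
}

// vulnerableVerify shows the CWE-347 pattern: the signature is checked, but
// against whichever key the message itself supplies, so any key the sender
// controls "verifies". Illustration of the weakness class only, not a
// description of the Zscaler implementation.
func vulnerableVerify(sa SignedAssertion) error {
	pub, err := x509.ParsePKIXPublicKey(sa.KeyInfoDER)
	if err != nil {
		return err
	}
	rsaPub, ok := pub.(*rsa.PublicKey)
	if !ok {
		return errors.New("KeyInfo is not an RSA key")
	}
	digest := sha256.Sum256(sa.Assertion)
	return rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest[:], sa.Signature)
}

// hardenedVerify checks the signature only against the IdP public key that was
// configured out of band. An embedded KeyInfo is tolerated but must match that
// key exactly; it is never used as the verification key on its own.
func hardenedVerify(sa SignedAssertion, trusted *rsa.PublicKey) error {
	if sa.KeyInfoDER != nil {
		pub, err := x509.ParsePKIXPublicKey(sa.KeyInfoDER)
		if err != nil {
			return err
		}
		rsaPub, ok := pub.(*rsa.PublicKey)
		if !ok || !rsaPub.Equal(trusted) {
			return errors.New("embedded signing key does not match the configured IdP key")
		}
	}
	digest := sha256.Sum256(sa.Assertion)
	if err := rsa.VerifyPKCS1v15(trusted, crypto.SHA256, digest[:], sa.Signature); err != nil {
		return fmt.Errorf("assertion signature invalid: %w", err)
	}
	return nil
}

// Demo builds the IdP key (the one the SP trusts), an attacker key, and one
// constructed assertion body signed by each. It reports whether the vulnerable
// verifier accepts the attacker-signed assertion, whether the hardened verifier
// accepts it, and whether the hardened verifier still accepts the genuine one.
func Demo() (vulnAcceptsForged, hardAcceptsForged, hardAcceptsGenuine bool, err error) {
	idpKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	attackerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	body := []byte(`<Assertion><Subject>admin@example.com</Subject></Assertion>`) // constructed sample
	forged, err := sign(body, attackerKey)
	if err != nil {
		return
	}
	genuine, err := sign(body, idpKey)
	if err != nil {
		return
	}
	vulnAcceptsForged = vulnerableVerify(forged) == nil
	hardAcceptsForged = hardenedVerify(forged, &idpKey.PublicKey) == nil
	hardAcceptsGenuine = hardenedVerify(genuine, &idpKey.PublicKey) == nil
	return
}

func main() {
	v, h, g, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("vulnerable verifier accepts forged assertion: %v\n", v) // true
	fmt.Printf("hardened verifier accepts forged assertion:   %v\n", h) // false
	fmt.Printf("hardened verifier accepts genuine assertion:  %v\n", g) // true
}
```

The same rule applies to a real SAML service provider: the key (or certificate) used to verify the XML-DSig signature must come from the identity-provider metadata configured at setup, never from the <ds:KeyInfo> element of the message under verification, and a signature that verifies only under an embedded key is a forgery, not a valid assertion.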

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 9.6 (Critical)

Product Status

Vendor: Zscaler
Product: Authentication Server
Versions: affected from 0 up to, but excluding, 6.2r (default status: unaffected)

Credits

  • Richard Warren (AmberWolf), finder

Problem Types

  • CWE-347 Improper Verification of Cryptographic Signature

Impacts

  • CAPEC-114 Authentication Abuse