CVE-2025-25291: ruby-saml REXML XPath on Raw Document with Signed Element ID

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | ruby
greprules fetch cve-2025-25291-ruby-saml-rexml-xpath-on-raw-document-with-signed-element-id --engine opengrep

Description

The SAML signature-validation pipeline re-queries the raw XML document with `REXML::XPath`, using `signed_element_id` as the `@ID` lookup variable, to fetch downstream identity content (NameID, Attributes, Subject, etc.). The cryptographic signature was verified by Nokogiri on a (potentially) different document tree; trusting REXML's ID-based lookup on the raw docum

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
