CVE-2025-66578: Unchecked C14n Return Value
The return value of `DOMNode::C14N()` is not verified. `C14N()` returns `string|false`, and in PHP's coercive typing mode a `false` that is passed to `hash()`, cast, or concatenated is silently converted to an empty string. When the canonicalized output feeds XML signature verification, a missing check means a failed canonicalization is hashed as `""`, so the computed digest is the fixed, publicly known digest of the empty string; a `DigestValue` or signature prepared for that value can then verify, bypassing authentication. Always verify that `C14N()` does not return `false` before using or re
greprules fetch cve-2025-66578-unchecked-c14n-return-value --engine opengrep
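The following is an added illustration, not code from the rule page or from any project: it places the unchecked pattern the rule flags beside a checked version, using a constructed sample document. The helper names (`digestUnchecked`, `digestChecked`, `digestMatches`) are assumptions for the example; the empty-string SHA-256 constant is the standard value, shown so the reader can see what a silently coerced `false` would hash to.

```php
<?php
// Added example (not from the rule page). Vulnerable vs. checked handling
// of DOMNode::C14N(), which returns string|false.

libxml_use_internal_errors(true);

// Constructed sample document, not a real signed message.
const SAMPLE_XML = '<Doc xmlns="urn:example"><Body Id="b1">hello</Body></Doc>';

// Base64 SHA-256 of the empty string: the digest an attacker can target if a
// failed C14N() is silently hashed as "".
const EMPTY_SHA256_B64 = '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';

function sha256b64(string $data): string
{
    return base64_encode(hash('sha256', $data, true));
}

// VULNERABLE: the string|false result is never checked. The (string) cast
// (or passing false straight to hash() in coercive mode) turns a failure
// into "", so the function returns EMPTY_SHA256_B64 instead of an error.
function digestUnchecked(DOMNode $node): string
{
    $canon = $node->C14N(true);          // exclusive C14N, string|false
    return sha256b64((string) $canon);   // false silently becomes ""
}

// CHECKED: a false result is a hard failure; surface libxml's last error.
function digestChecked(DOMNode $node): string
{
    $canon = $node->C14N(true);
    if ($canon === false) {
        $err = libxml_get_last_error();
        $msg = ($err !== false) ? trim($err->message) : 'unknown libxml error';
        throw new RuntimeException('C14N failed: ' . $msg);
    }
    return sha256b64($canon);
}

// Digest comparison on top of the checked path; constant-time compare
// against the DigestValue carried in the signature (passed in here).
function digestMatches(DOMNode $node, string $claimedDigestB64): bool
{
    return hash_equals(digestChecked($node), $claimedDigestB64);
}

$doc = new DOMDocument();
$doc->loadXML(SAMPLE_XML);
$body = $doc->getElementsByTagNameNS('urn:example', 'Body')->item(0);
if ($body === null) {
    throw new RuntimeException('sample Body element not found');
}

echo "checked digest : ", digestChecked($body), PHP_EOL;

// What the unchecked path computes when C14N() has returned false: the same
// constant an attacker can place in <DigestValue>. Simulated with a literal
// false, since a C14N failure is not triggered by this well-formed sample.
echo "empty digest   : ", sha256b64((string) false), PHP_EOL;
assert(sha256b64((string) false) === EMPTY_SHA256_B64);
```

Only the canonicalization step is shown; a real XML-DSig verifier also applies the `Reference` transforms and checks the `SignatureValue` over `SignedInfo`, but every one of those stages inherits the same failure mode if the `C14N()` result is not tested against `false` first.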