Posted Date: 2025/05/30
【Vulnerability Alert】 Critical Security Vulnerability in Node.js Library Samlify (CVE-2025-47949)
- Subject Description: 【Vulnerability Alert】 Critical Security Vulnerability in Node.js Library Samlify (CVE-2025-47949)
- Content Description:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202505-00000021
- Samlify is a crucial library on the Node.js platform used to implement SAML 2.0, providing high-level APIs that help developers integrate Single Sign-On (SSO) and Identity and Access Management (IAM) systems. Recently, a critical security vulnerability (CVE-2025-47949, CVSS 4.x: 9.9) was disclosed. This vulnerability allows unauthenticated attackers to exploit weaknesses in the signature verification mechanism to forge SAML responses and gain access as any user, including system administrators.
- Affected Platforms:
- Samlify versions prior to 2.10.0
- Recommended Action:
- Please update to Samlify version 2.10.0 or later.
- Reference Information:
Computer and Communication Center
Network Systems Division