【Vulnerability Alert】 Critical Security Vulnerability in Node.js Library Samlify (CVE-2025-47949)

• Subject Description: 【Vulnerability Alert】 Critical Security Vulnerability in Node.js Library Samlify (CVE-2025-47949)

• Content Description:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202505-00000021
  • Samlify is a crucial library on the Node.js platform used to implement SAML 2.0, providing high-level APIs that help developers integrate Single Sign-On (SSO) and Identity and Access Management (IAM) systems. Recently, a critical security vulnerability (CVE-2025-47949, CVSS 4.x: 9.9) was disclosed. This vulnerability allows unauthenticated attackers to exploit weaknesses in the signature verification mechanism to forge SAML responses and gain access as any user, including system administrators.
• Affected Platforms:
  • Versions prior to Samlify 2.10.0
• Recommended Action:
  • Please update to Samlify version 2.10.0 or later
• Reference Information:
  • https://www.twcert.org.tw/tw/cp-169-10155-48fe7-1.html

Computer and Communication Center
Network Systems Division