CVE-2025-65954— SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
Possible ATT&CK Techniques 1AI
T1189 · Drive-by CompromiseAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| simplesamlphp | simplesamlphp-module-casserver | < 6.3.1 | affected |
>= 7.0.0-rc1, < 7.0.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-65954
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
Source: NVD (National Vulnerability Database)
Vulnerability Description
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SimpleSAMLphp-casserver 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SimpleSAMLphp-casserver是SimpleSAMLphp开源的一款CAS协议兼容的单点登录服务器模块。 SimpleSAMLphp-casserver 6.3.1之前版本和7.0.0之前版本存在输入验证错误漏洞,该漏洞源于注销端点将url查询参数视为可信,可能导致重定向或显示已注销页面。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| simplesamlphp | simplesamlphp-module-casserver | < 6.3.1 | - |
II. Public POCs for CVE-2025-65954
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-65954
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: simplesamlphp
- CVE-2026-32600
xml-security is Missing AES-GCM Authentication Tag Validatio - CVE-2025-27773
SimpleSAMLphp SAML2 library has incorrect signature verifica - CVE-2024-52596
SimpleSAMLphp xml-common XXE vulnerability - CVE-2024-52806
SimpleSAMLphp SAML2 has an XXE in parsing SAML messages - CVE-2023-49087
Validation of SignedInfo
Same weakness: CWE-601
- CVE-2026-7504
Org.keycloak/keycloak-services: open redirect when using wil - CVE-2026-42207
Magento LTS: Open Redirect via Unvalidated `uenc` Parameter - CVE-2026-44427
MCP Registry: Open Redirect - CVE-2026-44520
Docling-Graph: SSRF via Missing Internal IP Validation in UR - CVE-2026-45448
ntopng - CWE-601: URL Redirection to Untrusted Site ('Open R
V. Comments for CVE-2025-65954
No comments yet