
Description

A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations.
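The advisory names the two controls that failed, signature validation and binding checks, without describing the defect itself. What follows is an added example, not Mendix code and not a reconstruction of the actual flaw: a minimal service-provider (SP) verifier for a SAML 2.0 Response that enforces the checks the Web Browser SSO profile expects of an SP, paired with an IdP-side signer so the sample runs offline. Everything in it is constructed: the entity IDs, ACS URL, key, timestamps and request IDs are assumptions, and the signature method is HMAC-SHA256 (the xmldsig-more#hmac-sha256 algorithm) purely so it runs with the Python standard library; a real deployment verifies the IdP's RSA/ECDSA signature against the certificate from IdP metadata.

```python
# Added example (not Mendix code): the checks a SAML 2.0 service provider applies to a Response before trusting
# its Assertion. Stdlib only: the signature is HMAC-SHA256 under a constructed shared key (real IdPs use RSA/ECDSA).
import base64, copy, hashlib, hmac, re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)  # keep the samlp/saml/ds prefixes when re-serializing
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
# Constructed SP/IdP parameters and a fixed clock (assumptions for the example).
SP_ENTITY_ID, ACS_URL = "https://sp.example.com/metadata", "https://sp.example.com/SSO/assertion"
IDP_ENTITY_ID, IDP_KEY = "https://idp.example.org", b"constructed-shared-key"
NOW = datetime(2025, 8, 14, 12, 0, tzinfo=timezone.utc)
_time = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def _c14n(elem):
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()  # inclusive C14N 1.0, as bytes

def _assertion_digest(assertion):
    """Base64 SHA-256 of the Assertion with its own ds:Signature cut out (the enveloped transform)."""
    a = copy.deepcopy(assertion)
    for s in a.findall("ds:Signature", NS): a.remove(s)
    return base64.b64encode(hashlib.sha256(_c14n(a)).digest()).decode()

def build_response(name_id="alice@example.com", request_id="_req1"):
    """Constructed sample Response; DigestValue and SignatureValue are filled in by sign_response."""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" ID="_r1" '
        f'Version="2.0" IssueInstant="2025-08-14T11:59:30Z" Destination="{ACS_URL}" InResponseTo="{request_id}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><saml:Assertion ID="_a1" Version="2.0" '
        f'IssueInstant="2025-08-14T11:59:30Z"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer><ds:Signature><ds:SignedInfo>'
        f'<ds:CanonicalizationMethod Algorithm="{C14N}"/><ds:SignatureMethod Algorithm="{HMAC_SHA256}"/>'
        f'<ds:Reference URI="#_a1"><ds:Transforms><ds:Transform Algorithm="{ENVELOPED}"/><ds:Transform '
        f'Algorithm="{C14N}"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        '<ds:DigestValue/></ds:Reference></ds:SignedInfo><ds:SignatureValue/></ds:Signature>'
        f'<saml:Subject><saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation '
        f'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData Recipient="{ACS_URL}" '
        f'InResponseTo="{request_id}" NotOnOrAfter="2025-08-14T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>'
        '<saml:Conditions NotBefore="2025-08-14T11:59:00Z" NotOnOrAfter="2025-08-14T12:05:00Z">'
        f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions></saml:Assertion></samlp:Response>')

def sign_response(xml_text, key):
    """IdP side: fill in DigestValue, then sign the canonical SignedInfo."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    sig = assertion.find("ds:Signature", NS)
    sig.find("ds:SignedInfo/ds:Reference/ds:DigestValue", NS).text = _assertion_digest(assertion)
    mac = hmac.new(key, _c14n(sig.find("ds:SignedInfo", NS)), hashlib.sha256).digest()
    sig.find("ds:SignatureValue", NS).text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")

def verify_response(xml_text, key, expected_request_id, now=NOW):
    """SP side: return the NameID of a Response that passes every check, else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != ACS_URL or root.get("InResponseTo") != expected_request_id:
        raise ValueError("Response not addressed to our ACS or not answering our request")
    # Exactly one Assertion, directly under Response: a second one smuggled in elsewhere (wrapping) is rejected.
    assertions = list(root.iter("{%s}Assertion" % NS["saml"]))
    if len(assertions) != 1 or assertions[0] not in list(root):
        raise ValueError("expected exactly one Assertion directly under Response")
    assertion = assertions[0]
    sig = assertion.find("ds:Signature", NS)
    ref = sig.find("ds:SignedInfo/ds:Reference", NS) if sig is not None else None
    if ref is None or ref.get("URI") != "#" + assertion.get("ID", ""):
        raise ValueError("Assertion is unsigned, or its signature covers some other element")
    if not hmac.compare_digest(ref.findtext("ds:DigestValue", "", NS), _assertion_digest(assertion)):
        raise ValueError("Assertion content does not match the signed digest")
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)  # pinned by the SP, never taken from the message
    if method is None or method.get("Algorithm") != HMAC_SHA256:
        raise ValueError("unexpected SignatureMethod")
    mac = hmac.new(key, _c14n(sig.find("ds:SignedInfo", NS)), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, base64.b64decode(sig.findtext("ds:SignatureValue", "", NS))):
        raise ValueError("SignatureValue does not verify")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)  # binding
    if (assertion.findtext("saml:Issuer", None, NS) != IDP_ENTITY_ID or scd is None
            or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != expected_request_id
            or now >= _time(scd.get("NotOnOrAfter", "1970-01-01T00:00:00Z"))):
        raise ValueError("Assertion not bound to this IdP, SP and request, or expired")
    audiences = assertion.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if SP_ENTITY_ID not in [a.text for a in audiences]:
        raise ValueError("Assertion not issued for this SP")
    return assertion.findtext("saml:Subject/saml:NameID", None, NS)

def demo():
    signed = sign_response(build_response(), IDP_KEY)  # genuine message, then four broken variants of it
    extra = '<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>mallory@example.com</saml:NameID></saml:Subject></saml:Assertion>'
    cases = {"valid": (signed, "_req1"), "replayed": (signed, "_req2"),
             "tampered": (signed.replace("alice@", "mallory@"), "_req1"),
             "unsigned": (re.sub(r"<ds:Signature>.*?</ds:Signature>", "", signed, flags=re.S), "_req1"),
             "wrapped": (signed.replace("</samlp:Response>", extra + "</samlp:Response>"), "_req1")}
    def check(xml, request_id):
        try: return verify_response(xml, IDP_KEY, request_id)
        except ValueError as e: return "rejected: " + str(e)
    return {name: check(xml, request_id) for name, (xml, request_id) in cases.items()}
```

Calling demo() returns the accepted NameID for the genuine message and a rejection reason for each variant: a changed NameID (digest mismatch), a stripped signature, a second unsigned assertion appended beside the signed one, and a replay against a request ID the SP never issued. Two choices carry most of the weight: the signature must be located inside the assertion that is consumed and its Reference must point at that assertion's ID, and the algorithm is pinned by the SP rather than read from the message. Not shown, but still required in production: a hardened XML parser (no DTDs or external entities), the samlp:Status check, certificate validation against IdP metadata, and one-time-use tracking of assertion IDs.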

Status: PUBLISHED | Reserved 2025-04-16 | Published 2025-08-14 | Updated 2025-08-14 | Assigner: siemens

Severity: HIGH 8.7 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N)

Problem types

CWE-347: Improper Verification of Cryptographic Signature

Product status

Mendix SAML (Mendix 10.12 compatible)
Default status: unknown
Any version before V4.0.3: affected

Mendix SAML (Mendix 10.21 compatible)
Default status: unknown
Any version before V4.1.2: affected

Mendix SAML (Mendix 9.24 compatible)
Default status: unknown
Any version before V3.6.21: affected

References

cert-portal.siemens.com/productcert/html/ssa-395458.html

cve.org (CVE-2025-40758)

nvd.nist.gov (CVE-2025-40758)
