Description

Improper verification of a cryptographic signature in Zscaler's server-side SAML authentication mechanism allowed authentication abuse.

PUBLISHED Reserved 2025-08-04 | Published 2025-08-05 | Updated 2025-08-19 | Assigner Zscaler




CRITICAL: 9.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status: unaffected

Any version before 6.2r: affected

Credits

Richard Warren, AmberWolf (finder)

References

help.zscaler.com/zia/about-identity-providers

cve.org (CVE-2025-54982)

nvd.nist.gov (CVE-2025-54982)
