CVE-2025-65954 | THREATINT

Description

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.

PUBLISHED Reserved 2025-11-18 | Published 2026-05-18 | Updated 2026-05-18 | Assigner GitHub_M

MEDIUM: 4.7CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Problem types

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Product status

< 6.3.1

affected

>= 7.0.0-rc1, < 7.0.0

affected

References

github.com/...server/security/advisories/GHSA-cvrm-5hp6-h523 exploit

github.com/...server/security/advisories/GHSA-cvrm-5hp6-h523

github.com/...ommit/0462f50f00b3bb300d83067d11b74146a57bb8e0

github.com/...ommit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5

cve.org (CVE-2025-65954)

nvd.nist.gov (CVE-2025-65954)

Download JSON