Critical Samlify SSO flaw lets attackers log in as admin

A critical Samlify authentication bypass vulnerability has been discovered that allows attackers to impersonate admin users by injecting unsigned malicious assertions into legitimately signed SAML responses. Samlify is a high-level authentication library that helps developers integrate SAML SSO and Single Log-Out (SLO) into Node.js applications. It is a popular tool for building or connecting to identity providers (IdPs) and service providers (SPs) using SAML. The library is used by SaaS platforms, organizations implementing SSO for internal tools, developers integrating with corporate Identity Providers like Azure AD or Okta, and in federated identity management scenarios. It is very popular, measuring over 200,000 weekly downloads on npm. The flaw, tracked as CVE-2025-47949, is a critical (CVSS v4.0 score: 9.9) Signature Wrapping flaw impacting all versions of Samlify before 2.10.0. As EndorLabs explained in a report, Samlify correctly verifies that the XML document providing a u ... Read full article.