VIR Vulnerability Intelligence Relay

CVE-2025-65954

medium
Published 2026-05-15 · Modified 2026-05-19
CVSS v3
6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
CVSS v2
VIR risk
6.1

Description

SimpleSAMLphp casserver: Open Redirect in logout

Predictions

Exploit likelihood
71%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0

Package impact
EcosystemPackageVulnerableFixed
php Packagistsimplesamlphp/simplesamlphp-module-casserver<6.3.1|>=7.0.0-rc1,<7.0.0-rc3
php Packagistsimplesamlphp/simplesamlphp-module-casserver>=7.0.0-rc1,<7.0.07.0.0
php Packagistsimplesamlphp/simplesamlphp-module-casserver<6.3.16.3.1
php COMPOSERsimplesamlphp/simplesamlphp-module-casserver< 6.3.16.3.1
php COMPOSERsimplesamlphp/simplesamlphp-module-casserver>= 7.0.0-rc1, < 7.0.0-rc37.0.0

Application impact
VendorProductVersionsFixed
simplesamlphpsimplesamlphp-module-casserver{"endExcluding":"6.3.1"}6.3.1
simplesamlphpsimplesamlphp-module-casserver7.0.0

References

CWEs

CWE-601

Verify integrity in audit chain (admin only). AS-IS.