{"id":"CVE-2025-27509","summary":"SAML authentication vulnerability due to improper SAML response validation","details":"fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is enabled, or create new accounts tied to forged assertions if MDM enrollment is enabled. This vulnerability is fixed in 4.64.2, 4.63.2, 4.62.4, and 4.58.1.","aliases":["GHSA-52jx-g6m5-h735","GO-2025-3505"],"modified":"2026-04-11T12:47:17.468527Z","published":"2025-03-06T19:00:36.098Z","related":["openSUSE-SU-2025:14889-1"],"database_specific":{"cwe_ids":["CWE-285"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27509.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/27xxx/CVE-2025-27509.json"},{"type":"ADVISORY","url":"https://github.com/fleetdm/fleet/security/advisories/GHSA-52jx-g6m5-h735"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27509"},{"type":"FIX","url":"https://github.com/fleetdm/fleet/commit/718c95e47ad010ad6b8ceb3f3460e921fbfc53bb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fleetdm/fleet","events":[{"introduced":"0"},{"fixed":"718c95e47ad010ad6b8ceb3f3460e921fbfc53bb"}]}],"versions":["1.0.0","1.0.0-rc1","1.0.0-rc2","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","2.0.0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4","2.0.0-rc5","2.0.1","2.0.2","2.1.0","2.1.1","2.1.2","2.2.0","2.3.0","2.4.0","2.5.0","2.6.0","3.0.0","3.1.0","3.10.0","3.10.1","3.11.0","3.12.0","3.13.0","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.6.0","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.9.0","fleet-v4.10.0","fleet-v4.11.0","fleet-v4.12.0","fleet-v4.13.0","fleet-v4.14.0","fleet-v4.15.0","fleet-v4.16.0","fleet
-v4.17.0","fleet-v4.18.0","fleet-v4.19.0","fleet-v4.2.0","fleet-v4.2.2","fleet-v4.20.0","fleet-v4.22.0","fleet-v4.23.0","fleet-v4.24.0","fleet-v4.25.0","fleet-v4.26.0","fleet-v4.27.0","fleet-v4.28.0","fleet-v4.29.0","fleet-v4.3.0","fleet-v4.3.1","fleet-v4.30.0","fleet-v4.31.0","fleet-v4.32.0","fleet-v4.33.0","fleet-v4.34.0","fleet-v4.35.0","fleet-v4.36.0","fleet-v4.37.0","fleet-v4.38.0","fleet-v4.39.0","fleet-v4.4.0","fleet-v4.40.0","fleet-v4.41.0","fleet-v4.43.0","fleet-v4.45.0","fleet-v4.47.0","fleet-v4.48.0","fleet-v4.49.0","fleet-v4.5.0","fleet-v4.50.0","fleet-v4.51.0","fleet-v4.6.0","fleet-v4.6.1","fleet-v4.64.0","fleet-v4.64.1","fleet-v4.7.0","fleet-v4.8.0","fleetctl-docker-deps-v4.60.0","fleetd-chrome-v1.1.0-beta","fleetd-chrome-v1.1.1-beta","fleetd-chrome-v1.1.3","fleetd-chrome-v1.1.3-beta","fleetd-chrome-v1.2.0","fleetd-chrome-v1.2.0-beta","fleetd-chrome-v1.2.1-beta","fleetd-chrome-v1.3.0","fleetd-chrome-v1.3.1","orbit-test-build","orbit-v0.0.11","orbit-v0.0.12","orbit-v0.0.13","orbit-v0.0.4","orbit-v0.0.5","orbit-v0.0.6","orbit-v0.0.7","orbit-v0.0.9","orbit-v1.0.0","orbit-v1.1.0","orbit-v1.10.0","orbit-v1.11.0","orbit-v1.12.0","orbit-v1.12.1","orbit-v1.13.0","orbit-v1.14.0","orbit-v1.15.0","orbit-v1.16.0","orbit-v1.16.0-2","orbit-v1.17.0","orbit-v1.18.0-RC","orbit-v1.18.2","orbit-v1.18.3","orbit-v1.2.0-rc1","orbit-v1.20.0","orbit-v1.3.0","orbit-v1.3.0-rc","orbit-v1.4.0","orbit-v1.4.0-rc","orbit-v1.4.1","orbit-v1.5.0","orbit-v1.7.0","orbit-v1.8.0","orbit-v1.9.0","orbit-v1.9.1","rc-fleetctl-test-v4.63.0","tf-mod-addon-bfldf-v1.1.0","tf-mod-addon-byo-file-carving-target-account-v1.0.0","tf-mod-addon-byo-file-carving-target-account-v1.1.0","tf-mod-addon-byo-file-carving-v1.0.0","tf-mod-addon-byo-file-carving-v1.1.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v1.0.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v1.1.0","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.0","tf-mod-addon-byo-firehose-logging-destination-firehose-
v2.0.1","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.2","tf-mod-addon-byo-firehose-logging-destination-firehose-v2.0.3","tf-mod-addon-byo-firehose-logging-destination-target-account-v1.0.0","tf-mod-addon-byo-firehose-logging-destination-target-account-v1.1.0","tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.0","tf-mod-addon-byo-kinesis-logging-destination-kinesis-v1.0.1","tf-mod-addon-byo-kinesis-logging-destination-target-account-v1.0.0","tf-mod-addon-external-vuln-scans-v1.0.0","tf-mod-addon-external-vuln-scans-v2.0.0","tf-mod-addon-external-vuln-scans-v2.0.1","tf-mod-addon-external-vuln-scans-v2.0.2","tf-mod-addon-external-vuln-scans-v2.1.0","tf-mod-addon-external-vuln-scans-v2.2.0","tf-mod-addon-geolite2-v1.0.0","tf-mod-addon-logging-alb-v1.0.0","tf-mod-addon-logging-alb-v1.0.1","tf-mod-addon-logging-alb-v1.0.2","tf-mod-addon-logging-alb-v1.1.0","tf-mod-addon-logging-alb-v1.1.1","tf-mod-addon-logging-alb-v1.2.0","tf-mod-addon-logging-destination-firehose-v1.0.0","tf-mod-addon-logging-destination-firehose-v1.1.0","tf-mod-addon-logging-destination-firehose-v1.1.1","tf-mod-addon-mdm-v1.0.0","tf-mod-addon-mdm-v1.1.0","tf-mod-addon-mdm-v1.2.0","tf-mod-addon-mdm-v1.2.1","tf-mod-addon-mdm-v1.2.2","tf-mod-addon-mdm-v1.3.0","tf-mod-addon-mdm-v1.4.0","tf-mod-addon-mdm-v1.4.1","tf-mod-addon-mdm-v1.5.0","tf-mod-addon-mdm-v2.0.0","tf-mod-addon-mdmproxy-v1.0.0","tf-mod-addon-mdmproxy-v1.0.1","tf-mod-addon-migrations-v1.0.0","tf-mod-addon-migrations-v2.0.0","tf-mod-addon-migrations-v2.0.1","tf-mod-addon-monitoring-v1.0.0","tf-mod-addon-monitoring-v1.1.0","tf-mod-addon-monitoring-v1.1.1","tf-mod-addon-monitoring-v1.1.2","tf-mod-addon-monitoring-v1.1.3","tf-mod-addon-monitoring-v1.2.0","tf-mod-addon-monitoring-v1.3.0","tf-mod-addon-monitoring-v1.4.0","tf-mod-addon-monitoring-v1.4.1","tf-mod-addon-monitoring-v1.5.0","tf-mod-addon-monitoring-v1.5.1","tf-mod-addon-osquery-carve-split-account-osquery-carve-v1.0.0","tf-mod-addon-osquery-carve-split-account-o
squery-carve-v1.1.0","tf-mod-addon-osquery-carve-split-account-split-account-v1.0.0","tf-mod-addon-osquery-carve-split-account-split-account-v1.1.0","tf-mod-addon-osquery-carve-v1.0.0","tf-mod-addon-osquery-carve-v1.0.1","tf-mod-addon-osquery-carve-v1.1.0","tf-mod-addon-osquery-perf-v1.0.0","tf-mod-addon-saml-auth-proxy-v1.0.0","tf-mod-addon-saml-auth-proxy-v1.1.0","tf-mod-addon-saml-auth-proxy-v1.2.0","tf-mod-addon-saml-auth-proxy-v1.3.0","tf-mod-addon-ses-v1.0.0","tf-mod-addon-ses-v1.1.0","tf-mod-addon-ses-v1.2.0","tf-mod-addon-vuln-processing-v1.0.0","tf-mod-addon-vuln-processing-v1.1.0","tf-mod-addon-waf-alb-v1.0.0","tf-mod-addon-waf-alb-v2.0.0","tf-mod-byo-db-v1.0.0","tf-mod-byo-db-v1.1.0","tf-mod-byo-db-v1.2.0","tf-mod-byo-db-v1.3.0","tf-mod-byo-db-v1.3.1","tf-mod-byo-db-v1.3.2","tf-mod-byo-db-v1.4.0","tf-mod-byo-db-v1.5.0","tf-mod-byo-db-v1.5.1","tf-mod-byo-db-v1.6.0","tf-mod-byo-db-v1.7.0","tf-mod-byo-db-v1.7.1","tf-mod-byo-db-v1.8.0","tf-mod-byo-db-v1.9.0","tf-mod-byo-ecs-v1.0.0","tf-mod-byo-ecs-v1.1.0","tf-mod-byo-ecs-v1.2.0","tf-mod-byo-ecs-v1.3.0","tf-mod-byo-ecs-v1.4.0","tf-mod-byo-ecs-v1.4.1","tf-mod-byo-ecs-v1.5.0","tf-mod-byo-ecs-v1.6.0","tf-mod-byo-ecs-v1.6.1","tf-mod-byo-ecs-v1.7.0","tf-mod-byo-ecs-v1.8.0","tf-mod-byo-ecs-v1.8.1","tf-mod-byo-vpc-v1.0.0","tf-mod-byo-vpc-v1.1.0","tf-mod-byo-vpc-v1.10.0","tf-mod-byo-vpc-v1.10.1","tf-mod-byo-vpc-v1.11.0","tf-mod-byo-vpc-v1.12.0","tf-mod-byo-vpc-v1.12.1","tf-mod-byo-vpc-v1.2.0","tf-mod-byo-vpc-v1.3.0","tf-mod-byo-vpc-v1.4.0","tf-mod-byo-vpc-v1.5.0","tf-mod-byo-vpc-v1.6.0","tf-mod-byo-vpc-v1.6.1","tf-mod-byo-vpc-v1.7.0","tf-mod-byo-vpc-v1.7.1","tf-mod-byo-vpc-v1.8.0","tf-mod-byo-vpc-v1.8.1","tf-mod-byo-vpc-v1.8.2","tf-mod-byo-vpc-v1.8.3","tf-mod-byo-vpc-v1.9.0","tf-mod-root-v1.0.0","tf-mod-root-v1.1.0","tf-mod-root-v1.1.1","tf-mod-root-v1.10.0","tf-mod-root-v1.11.0","tf-mod-root-v1.11.1","tf-mod-root-v1.2.0","tf-mod-root-v1.3.0","tf-mod-root-v1.4.0","tf-mod-root-v1.5.0","tf-mod-root-v1.5.1","tf-mod-root-
v1.6.0","tf-mod-root-v1.6.1","tf-mod-root-v1.7.0","tf-mod-root-v1.7.1","tf-mod-root-v1.7.2","tf-mod-root-v1.7.3","tf-mod-root-v1.8.0","tf-mod-root-v1.9.0","tf-mod-root-v1.9.1","tf-mod-root-v1.9.2","v0.0.4","v0.0.5","v0.0.6","v0.0.7","v4.0.0","v4.0.0-rc3","v4.0.1","v4.1.0","v4.28.0","v4.36.0","v4.37.0","v4.43.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}