CVE-2025-31335

low-risk

Published 2025-03-28

The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation (when using SAML bindings that rely on non-XML signatures).

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.0/10 Medium

NETWORK / HIGH complexity

References (4)

https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178ab...

https://lists.debian.org/debian-security-announce/2025/msg00041.html

https://shibboleth.atlassian.net/browse/CPPOST-126

https://shibboleth.net/community/advisories/secadv_20250313.txt

/ 100

low-risk

Severity 13/34 · Low

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal