CVE-2025-65954
SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout
CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
| CWE | CWE-601 |
| Vendor | simplesamlphp |
| Product | simplesamlphp-module-casserver |
| Published | May 18, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for simplesamlphp simplesamlphp-module-casserver
Be the first to know when new medium vulnerabilities affecting simplesamlphp simplesamlphp-module-casserver are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Affected Versions
simplesamlphp / simplesamlphp-module-casserver
< 6.3.1 >= 7.0.0-rc1, < 7.0.0
References
github.com: https://github.com/simplesamlphp/simplesamlphp-module-casserver/security/advisories/GHSA-cvrm-5hp6-h523 github.com: https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/0462f50f00b3bb300d83067d11b74146a57bb8e0 github.com: https://github.com/simplesamlphp/simplesamlphp-module-casserver/commit/fb6c6f1c7b9e757c93c5c306e1d36405e64f6dc5