CVE-2025-65954
MEDIUM WAF: Medium
CVSS 6.1
Published: 2026-05-18
CWE-601
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| simplesamlphp | simplesamlphp-module-casserver | up to 6.3.1 |
| simplesamlphp | simplesamlphp-module-casserver | 7.0.0 |
| simplesamlphp | simplesamlphp-module-casserver | 7.0.0 |
References
- github.com (Patch)
- github.com (Patch)
- github.com (Exploit, Vendor Advisory)