CVE-2025-54982

Published Aug 5, 2025

Last updated 7 months ago

CVSS critical 9.6
Zscaler Authentication Server

Overview

Description
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Source
cve@zscaler.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.6
Impact score
5.8
Exploitability score
3.1
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

cve@zscaler.com
CWE-347

Social media

Hype score
Not currently trending
  1. Critical flaws in Zscaler, Netskope, and Check Point zero trust platforms allow authentication bypass and privilege escalation. Zscaler patched CVE-2025-54982 cryptographic flaw. #ZeroTrustFlaws #AuthBypass #USA https://t.co/5BFctl8ZVK

    @TweetThreatNews

    14 Aug 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Several security “vulnerabilities” in SASE products were disclosed at the def con conference. Among the products are Zscaler, Netskope and checkpoint. There is no connection between the "vulnerabilities"; in fact, each of them is a "vulnerability" in its own right. https:/

    @NirRoitman

    11 Aug 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Multiple serious vulnerabilities in the zero trust products of Check Point, Zscaler and Netskope. Presented at DEF CON. The most serious one is CVE-2025-54982, the SAML authentication bypass in Zscaler. Netskope has a policy of not issuing CVEs for server-side vulnerabilities. Check P

    @__kokumoto

    11 Aug 2025

    2234 Impressions

    7 Retweets

    47 Likes

    16 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-54982 (CVSS:9.6, CRITICAL) is Awaiting Analysis. An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowe..https://t.co/zhdHlFmjNC #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    10 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live. https://t.co/f

    @AmberWolfSec

    10 Aug 2025

    5329 Impressions

    23 Retweets

    51 Likes

    15 Bookmarks

    2 Replies

    0 Quotes

  6. Security Update: CVE-2025-54982 SAML 2.0 Public Key Validation Issue Zscaler has disclosed CVE-2025-54982 for an authentication bypass vulnerability within the SAML 2.0 implementation in the ZIA Platform. The issue has been remediated in all Zscaler Clouds and the Zscaler

    @Gussan_sec

    6 Aug 2025

    118 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-54982 Zscaler SAML Authentication Bypass via Improper Cryptographic Signature Verification https://t.co/t9QncuEBvV

    @VulmonFeeds

    5 Aug 2025

    136 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️⚠️ CVE-2025-54982 (CVSS 9.6) Zscaler's server-side SAML authentication mechanism allowed authentication abuse due to improper cryptographic signature verification. 🎯 3.6M+ results are found on the https://t.co/pb16tGYaKe nearly year 🔗 FOFA Link: https://t.co/A8rkH

    @fofabot

    5 Aug 2025

    4786 Impressions

    26 Retweets

    80 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  9. not much info about it but: 🟥 CVE-2025-54982, CVSS: 9.6 (#Critical) Zscaler SAML Authentication A critical vulnerability due to improper verification of cryptographic signatures in Zscaler's SAML authentication mechanism, allowing authentication abuse. #CyberSecurity #CVE

    @UjlakiMarci

    5 Aug 2025

    15469 Impressions

    26 Retweets

    134 Likes

    65 Bookmarks

    1 Reply

    3 Quotes

  10. CVE-2025-54982 An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. https://t.co/WOlPjYbUYm

    @CVEnew

    5 Aug 2025

    632 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 CRITICAL: CVE-2025-54982 exposes Zscaler Authentication Server to signature verification bypass via SAML. Potential for auth abuse—patch info pending. Stay alert! https://t.co/JYucfWYJQ4 #OffSeq #Zscaler #Cy... https://t.co/mFy69eYvuN

    @offseq

    5 Aug 2025

    155 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.