CVE-2025-54982
Published Aug 5, 2025
Last updated 4 days ago
AI description
CVE-2025-54982 is a vulnerability found in Zscaler Authentication Server, specifically affecting the SAML authentication mechanism. The vulnerability stems from an improper verification of the cryptographic signature on the server side, which could lead to authentication abuse. The vulnerability is classified as a signature verification issue (CWE-347). Exploitation of this vulnerability is known to be easy and can be initiated remotely. Zscaler has released version 6.2r to address and eliminate this vulnerability.
- Description: An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
- Source: cve@zscaler.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.6
- Impact score: 5.8
- Exploitability score: 3.1
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
- Severity: CRITICAL
- Source: cve@zscaler.com
- CWE: CWE-347
- Hype score: Not currently trending
Security Update: CVE-2025-54982 SAML 2.0 Public Key Validation Issue Zscaler has disclosed CVE-2025-54982 for an authentication bypass vulnerability within the SAML 2.0 implementation in the ZIA Platform. The issue has been remediated in all Zscaler Clouds and the Zscaler
@Gussan_sec
6 Aug 2025
118 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-54982 Zscaler SAML Authentication Bypass via Improper Cryptographic Signature Verification https://t.co/t9QncuEBvV
@VulmonFeeds
5 Aug 2025
136 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-54982 (CVSS 9.6) Zscaler's server-side SAML authentication mechanism allowed authentication abuse due to improper cryptographic signature verification. 🎯 3.6M+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗 FOFA Link: https://t.co/A8rkH
@fofabot
5 Aug 2025
4786 Impressions
26 Retweets
80 Likes
18 Bookmarks
0 Replies
0 Quotes
not much info about it but: 🟥 CVE-2025-54982, CVSS: 9.6 (#Critical) Zscaler SAML Authentication A critical vulnerability due to improper verification of cryptographic signatures in Zscaler's SAML authentication mechanism, allowing authentication abuse. #CyberSecurity #CVE
@UjlakiMarci
5 Aug 2025
15469 Impressions
26 Retweets
134 Likes
65 Bookmarks
1 Reply
3 Quotes
CVE-2025-54982 An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. https://t.co/WOlPjYbUYm
@CVEnew
5 Aug 2025
632 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: CVE-2025-54982 exposes Zscaler Authentication Server to signature verification bypass via SAML. Potential for auth abuse—patch info pending. Stay alert! https://t.co/JYucfWYJQ4 #OffSeq #Zscaler #Cy... https://t.co/mFy69eYvuN
@offseq
5 Aug 2025
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes