CVE-2025-54982

Published Aug 5, 2025

Last updated 2 months ago

CVSS critical 9.6
Zscaler Authentication Server

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-54982 is a vulnerability in Zscaler Authentication Server affecting its server-side SAML authentication mechanism. The server improperly verified the cryptographic signature on SAML messages (CWE-347, Improper Verification of Cryptographic Signature), which allowed authentication abuse, i.e. an authentication bypass. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C) says the flaw is reachable over the network with low attack complexity, needs only low privileges and no user interaction, and its impact crosses into components beyond the vulnerable one; the 9.6 score is the CNA's (cve@zscaler.com), since NVD analysis was still pending when this page was published. Because the flaw is on the server side of the Zscaler service, Zscaler states that it was remediated in all Zscaler Clouds rather than through a customer-installed update; one source cites version 6.2r as the release that eliminates it.
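The advisory text on this page names only the weakness class (CWE-347), and the Zscaler security update quoted in the social media section calls it a SAML 2.0 public key validation issue; neither gives the root cause. The Go program below is an added illustration, not Zscaler's code and not the researchers' exploit. It shows the textbook form of this bug class in a SAML service provider: a verifier that takes its key from the KeyInfo element of the very message it is checking, so an attacker can sign an assertion for any subject with a key they generated, next to the hardened check that only ever verifies with the IdP key pinned out of band. The Response format is simplified (the signature covers the raw bytes inside Assertion; real SAML uses XML-DSig with canonicalization and Reference digests), the P-256 keys and subjects are constructed for the example, and whether Zscaler's flaw took exactly this shape is not stated on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// signer holds a P-256 key: the trusted IdP's, or one an attacker generated themselves.
type signer struct{ key *ecdsa.PrivateKey }

func newSigner() *signer {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &signer{key: key}
}

// signResponse builds a simplified SAML-style Response (no XML-DSig canonicalization): the signature
// covers the raw bytes inside <Assertion>, and KeyInfo carries whatever public key the signer chooses.
func (s *signer) signResponse(subject string) []byte {
	assertion := fmt.Sprintf("<Subject>%s</Subject>", subject)
	digest := sha256.Sum256([]byte(assertion))
	sig, err := ecdsa.SignASN1(rand.Reader, s.key, digest[:])
	if err != nil {
		panic(err)
	}
	pub, _ := x509.MarshalPKIXPublicKey(&s.key.PublicKey) // cannot fail for a valid ECDSA key
	return []byte(fmt.Sprintf("<Response><Assertion>%s</Assertion><Signature><SignatureValue>%s</SignatureValue>"+
		"<KeyInfo><KeyValue>%s</KeyValue></KeyInfo></Signature></Response>",
		assertion, base64.StdEncoding.EncodeToString(sig), base64.StdEncoding.EncodeToString(pub)))
}

type response struct {
	Assertion struct {
		Inner   string `xml:",innerxml"` // the exact bytes the signature must cover
		Subject string `xml:"Subject"`
	} `xml:"Assertion"`
	SignatureValue string `xml:"Signature>SignatureValue"`
	KeyValue       string `xml:"Signature>KeyInfo>KeyValue"` // base64 PKIX DER, attacker-controlled
}

func parse(doc []byte) (r response, sig []byte, err error) {
	if err = xml.Unmarshal(doc, &r); err == nil {
		sig, err = base64.StdEncoding.DecodeString(r.SignatureValue)
	}
	return
}

// keyFromKeyInfo decodes the key carried in the message; nil unless it is a well-formed ECDSA key.
func keyFromKeyInfo(b64 string) *ecdsa.PublicKey {
	der, _ := base64.StdEncoding.DecodeString(b64) // garbage DER simply fails to parse below
	key, _ := x509.ParsePKIXPublicKey(der)
	pub, _ := key.(*ecdsa.PublicKey)
	return pub
}

// verifyWith checks the signature over the raw assertion bytes and returns the asserted subject.
func verifyWith(r response, sig []byte, pub *ecdsa.PublicKey) (string, bool) {
	digest := sha256.Sum256([]byte(r.Assertion.Inner))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", false
	}
	return r.Assertion.Subject, true
}

// verifyTrustingKeyInfo is the CWE-347 pattern: the verification key is taken from the message
// itself, so an attacker who signs with their own key passes "verification" for any subject.
func verifyTrustingKeyInfo(doc []byte) (string, bool) {
	r, sig, err := parse(doc)
	pub := keyFromKeyInfo(r.KeyValue)
	if err != nil || pub == nil {
		return "", false
	}
	return verifyWith(r, sig, pub)
}

// verifyPinnedIdP only ever verifies with the IdP key configured out of band. A KeyInfo key,
// if present, must equal the pinned key; it never selects which key is used.
func verifyPinnedIdP(doc []byte, idp *ecdsa.PublicKey) (string, bool) {
	r, sig, err := parse(doc)
	if err != nil {
		return "", false
	}
	if pub := keyFromKeyInfo(r.KeyValue); r.KeyValue != "" && (pub == nil || !idp.Equal(pub)) {
		return "", false
	}
	return verifyWith(r, sig, idp)
}

func main() {
	idp, attacker := newSigner(), newSigner()
	forged := attacker.signResponse("admin@example.com") // constructed attacker-signed input
	_, weakOK := verifyTrustingKeyInfo(forged)
	_, pinnedOK := verifyPinnedIdP(forged, &idp.key.PublicKey)
	fmt.Printf("forged assertion accepted: key-from-message=%v pinned-idp=%v\n", weakOK, pinnedOK)
}
```

The forged document verifies perfectly against the key it carries, which is exactly why a key taken from the message proves nothing. The hardened verifier treats the IdP metadata certificate as the only source of truth and makes a mismatching KeyInfo a hard failure rather than a hint; note that an attacker who copies the real IdP key into KeyInfo but signs with their own key is still rejected, because the pinned key is what is used to verify. Ordinary SAML checks that this example leaves out (Issuer, Audience, NotOnOrAfter, InResponseTo, replay of assertion IDs) still have to be applied after the signature passes.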

Description
An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse.
Source
cve@zscaler.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1 (type: Secondary, i.e. supplied by the CNA cve@zscaler.com rather than by NVD)
Base score: 9.6 (CRITICAL)
Impact score: 5.8
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Weaknesses

CWE-347: Improper Verification of Cryptographic Signature (assigned by cve@zscaler.com)

Social media

Hype score
Not currently trending
  1. Critical flaws in Zscaler, Netskope, and Check Point zero trust platforms allow authentication bypass and privilege escalation. Zscaler patched CVE-2025-54982 cryptographic flaw. #ZeroTrustFlaws #AuthBypass #USA https://t.co/5BFctl8ZVK
     @TweetThreatNews, 14 Aug 2025. 17 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  2. A number of security "vulnerabilities" in SASE products were disclosed at the def con conference. Among the products are Zscaler, Netskope and checkpoint. There is no connection between the "vulnerabilities"; in fact each of them is a "vulnerability" in its own right. https:/
     @NirRoitman, 11 Aug 2025. 9 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  3. Multiple critical vulnerabilities in the zero trust products of Check Point, Zscaler and Netskope, presented at DEF CON. The most serious is CVE-2025-54982, a SAML authentication bypass in Zscaler. Netskope's policy is not to issue CVEs for server-side vulnerabilities. Check P
     @__kokumoto, 11 Aug 2025. 2234 impressions, 7 retweets, 47 likes, 16 bookmarks, 0 replies, 1 quote.

  4. CVE-2025-54982 (CVSS:9.6, CRITICAL) is Awaiting Analysis. An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowe..https://t.co/zhdHlFmjNC #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
     @cracbot, 10 Aug 2025. 1 impression, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  5. Breaking Into Your Network? Zer0 Effort. - DEF CON 33 Overview and Advisory - Zscaler SAML Authentication Bypass (CVE-2025-54982). Following on from our DEF CON 33 presentation, the first two blog posts in our series on Zero Trust Network access abuse are now live. https://t.co/f
     @AmberWolfSec, 10 Aug 2025. 5329 impressions, 23 retweets, 51 likes, 15 bookmarks, 2 replies, 0 quotes.

  6. Security Update: CVE-2025-54982 SAML 2.0 Public Key Validation Issue. Zscaler has disclosed CVE-2025-54982 for an authentication bypass vulnerability within the SAML 2.0 implementation in the ZIA Platform. The issue has been remediated in all Zscaler Clouds and the Zscaler
     @Gussan_sec, 6 Aug 2025. 118 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  7. CVE-2025-54982 Zscaler SAML Authentication Bypass via Improper Cryptographic Signature Verification https://t.co/t9QncuEBvV
     @VulmonFeeds, 5 Aug 2025. 136 impressions, 2 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.

  8. ⚠️⚠️ CVE-2025-54982 (CVSS 9.6): Zscaler's server-side SAML authentication mechanism allowed authentication abuse due to improper cryptographic signature verification. 🎯 3.6M+ results are found on https://t.co/pb16tGYaKe in nearly a year 🔗 FOFA Link: https://t.co/A8rkH
     @fofabot, 5 Aug 2025. 4786 impressions, 26 retweets, 80 likes, 18 bookmarks, 0 replies, 0 quotes.

  9. not much info about it but: 🟥 CVE-2025-54982, CVSS: 9.6 (#Critical) Zscaler SAML Authentication. A critical vulnerability due to improper verification of cryptographic signatures in Zscaler's SAML authentication mechanism, allowing authentication abuse. #CyberSecurity #CVE
     @UjlakiMarci, 5 Aug 2025. 15469 impressions, 26 retweets, 134 likes, 65 bookmarks, 1 reply, 3 quotes.

  10. CVE-2025-54982 An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. https://t.co/WOlPjYbUYm
      @CVEnew, 5 Aug 2025. 632 impressions, 1 retweet, 2 likes, 0 bookmarks, 0 replies, 0 quotes.

  11. 🚨 CRITICAL: CVE-2025-54982 exposes Zscaler Authentication Server to signature verification bypass via SAML. Potential for auth abuse—patch info pending. Stay alert! https://t.co/JYucfWYJQ4 #OffSeq #Zscaler #Cy... https://t.co/mFy69eYvuN
      @offseq, 5 Aug 2025. 155 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes.
