Full Report
Mendix SAML module contains a vulnerability that could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Mendix has provided fix releases for the Mendix SAML module and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Account Hijacking in Mendix SAML Module via Signature Validation Bypass
## CVE Details
- CVE ID: CVE-2025-40758
- CVSS Score: 8.7 (High)
- CWE: CWE-347: Improper Verification of Cryptographic Signature
## Affected Systems
- Products: Mendix SAML Module (Mendix 9.24 compatible, Mendix 10.12 compatible, Mendix 10.21 compatible)
- Versions: All versions prior to V3.6.21 (for Mendix 9.24 compatible), V4.0.3 (for Mendix 10.12 compatible), and V4.1.2 (for Mendix 10.21 compatible).
- Configurations: Specific SSO configurations where signature validation and binding checks are not sufficiently enforced.
## Vulnerability Description
Affected versions of the Mendix SAML module exhibit insufficient enforcement of signature validation and binding checks. This flaw allows unauthenticated remote attackers, under specific Single Sign-On (SSO) configurations, to potentially hijack a user's account.
## Exploitation
- Status: Not specified to be exploited in the wild (Assume risk based on advisory)
- Complexity: High (Based on CVSS vector `AC:H` - Attack Complexity High, likely due to configuration dependence)
- Attack Vector: Network (Based on CVSS vector `AV:N`)
## Impact
- Confidentiality: High
- Integrity: High
- Availability: None (Based on CVSS vector `A:N`)
## Remediation
### Patches
Customers must update to the following versions or later:
- **Mendix 9.24 compatible:** Update to **V3.6.21** or later.
- **Mendix 10.12 compatible:** Update to **V4.0.3** or later.
- **Mendix 10.21 compatible:** Update to **V4.1.2** or later.
(Patches are available via the Mendix Marketplace link provided in the advisory.)
### Workarounds
- Ensure that the configuration setting **`UseEncryption` is enabled** to help reduce the risk associated with CVE-2025-40758.
## Detection
- **Indicators of Compromise:** Look for successful account takeovers or unauthorized access via the configured SAML SSO path without corresponding legitimate user authentication activity.
- **Detection Methods and Tools:** Standard network traffic analysis may reveal anomalous SAML artifact usage targeting the application endpoint, though the flaw details suggest relying on configuration hardening is the primary defence until patching.
## References
- Siemens Security Advisory SSA-395458: hxxps://cert-portal.siemens.com/productcert/html/ssa-395458.html
- Mendix Marketplace Link (for patches): hxxps://marketplace.mendix.com/link/component/1174