What is the severity of CVE-2025-46573?

CVE-2025-46573 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2025-46573?

No known public exploits are currently available for CVE-2025-46573.

Is there a patch available for CVE-2025-46573?

Yes, patches are available for CVE-2025-46573. Check the vendor advisories for update instructions.

CVE-2025-46573 - CVE Details, Severity, and Analysis

Q: What is CVE-2025-46573?

### Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. ### Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using `passport-wsfed-saml2` version 4.6.3 or below, specifically under the following conditions: 1. The service provider is using `passport-wsfed-saml2`, 2. A valid SAML Response signed by the Identity Provider can be obtained ### Fix Upgrade to v4.6.4 or greater.

Overview

This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.

Am I Affected?

You are affected by this SAML Attribute Smuggling vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:

The service provider is using passport-wsfed-saml2,
A valid SAML Response signed by the Identity Provider can be obtained

Fix

Upgrade to v4.6.4 or greater.