No vendor fix or workaround currently provided.
| Source | ID | Title |
|---|---|---|
| Github GHSA | GHSA-cvrm-5hp6-h523 | SimpleSAMLphp casserver: Open Redirect in logout |
Wed, 27 May 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:simplesamlphp:simplesamlphp-casserver:7.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:simplesamlphp:simplesamlphp_casserver:7.0.0:rc1:*:*:*:*:*:* | cpe:2.3:a:simplesamlphp:simplesamlphp-module-casserver:*:*:*:*:*:*:*:* cpe:2.3:a:simplesamlphp:simplesamlphp-module-casserver:7.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:simplesamlphp:simplesamlphp-module-casserver:7.0.0:rc2:*:*:*:*:*:* |
| Vendors & Products | Simplesamlphp simplesamlphp-casserver; Simplesamlphp simplesamlphp Casserver | |
Thu, 21 May 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Simplesamlphp simplesamlphp-casserver; Simplesamlphp simplesamlphp Casserver | |
| CPEs | cpe:2.3:a:simplesamlphp:simplesamlphp-casserver:*:*:*:*:*:*:*:* cpe:2.3:a:simplesamlphp:simplesamlphp-casserver:7.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:simplesamlphp:simplesamlphp_casserver:7.0.0:rc1:*:*:*:*:*:* | |
| Vendors & Products | Simplesamlphp simplesamlphp-casserver; Simplesamlphp simplesamlphp Casserver | |
| Metrics | cvssV3_1 | |
Tue, 19 May 2026 08:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Simplesamlphp; Simplesamlphp simplesamlphp-module-casserver | |
| Vendors & Products | Simplesamlphp; Simplesamlphp simplesamlphp-module-casserver | |
Mon, 18 May 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | ssvc | |
Mon, 18 May 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' => true. This issue has been resolved in versions 6.3.1 and 7.0.0. | |
| Title | SimpleSAMLphp-casserver has an Open Redirect vulnerability via logout | |
| Weaknesses | CWE-601 | |
| References | | |
| Metrics | cvssV3_0 | |
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-18T20:28:06.383Z
Reserved: 2025-11-18T16:14:56.693Z
Link: CVE-2025-65954
Updated: 2026-05-18T20:26:13.101Z
Status: Analyzed
Published: 2026-05-18T20:16:36.980
Modified: 2026-06-17T09:56:08.560
Link: CVE-2025-65954
No data.
OpenCVE Enrichment
Updated: 2026-05-21T23:15:17Z