cwe-347
About this tag
The tag cwe-347 covers CWE-347: Improper Verification of Cryptographic Signature, a weakness that occurs when software fails to properly verify the authenticity of signed data. On WindowsForum.com, discussions under this tag focus on real-world vulnerabilities such as CVE-2025-40758 in the Mendix SAML module, where insufficient signature validation allows remote attackers to bypass SAML signature checks and hijack user accounts. This tag is relevant for security professionals and IT administrators tracking signature verification flaws in authentication systems, particularly in enterprise SSO implementations. Topics include CVSS scoring, patch advisories, and mitigation strategies for signature bypass vulnerabilities.
Siemens’ Mendix SAML module contains a high‑severity flaw that, under certain single sign‑on (SSO) configurations, can allow unauthenticated remote attackers to bypass SAML signature verification and hijack user accounts — a vulnerability tracked as CVE‑2025‑40758 with a CVSS v3.1 base score of...