How CVE-2025-0281 Works
The vulnerability in lunary-ai/lunary (≤1.6.7, per this brief) stems from improper sanitization of SAML IdP XML metadata. An attacker who can supply or modify the IdP metadata injects a `javascript:` URL into it, and that value is reused when the application builds the SAML login redirect URL. When the client assigns the tainted URL to `window.location.href`, a `javascript:` target does not navigate anywhere; the browser runs the script in the victim's session, in the application's own origin. Because the payload lives in stored metadata, the XSS persists until the metadata is replaced and hits every user who starts a SAML login, enabling session hijacking, credential theft, or malware delivery. The brief places the flaw in the `saml.js` middleware, where URL encoding is bypassed through XML attribute injection.
DailyCVE Form
Platform: Lunary-AI
Version: ≤1.6.7
Vulnerability: Stored XSS
Severity: Critical
Date: 03/28/2025
What Undercode Says:
Exploitation Analysis
1. Payload Injection:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="javascript:alert(document.cookie)//">
2. Trigger: a user initiates SAML login; the server-generated redirect carries the injected value, and the client executes `window.location.href = <malicious entityID>`, so the `javascript:` URL runs as script instead of navigating to the IdP.
Detection Commands
Check the installed version (read the version field and compare it with the fixed release; matching a single literal such as "1.6.7" misses every other affected version):
grep '"version"' /path/to/lunary/package.json
Log analysis for metadata tampering (the log path varies by deployment):
grep -i "EntityDescriptor" /var/log/lunary/saml.log
Mitigation Steps
1. Patch: Upgrade to a fixed release (this brief cites v1.7.10+; confirm the affected and fixed versions against the NVD entry before relying on these numbers). If a local workaround is needed, validate the metadata-derived URL with a scheme allowlist rather than stripping substrings: a blocklist such as `replace(/javascript:/gi, "")` is bypassed by nesting the keyword (`javajavascript:script:`) and does nothing about other non-HTTP schemes.
function sanitizeEntityID(id) {
  // Illustrative only, not the upstream patch: accept absolute http(s) URLs, reject everything else.
  try { const u = new URL(id); return /^https?:$/.test(u.protocol) ? u.href : null; } catch { return null; }
}
2. WAF Rules (defense in depth only: metadata is normally uploaded in a request body, which `$args` does not inspect, and a literal match is bypassed by URL-encoding or splitting the scheme):
location /saml { if ($args ~* "javascript:") { return 403; } }
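The following is an added example, not code from lunary or its fix. It models the sink described in the exploitation analysis (an IdP metadata attribute copied into the SAML login redirect), shows why the substring blocklist in the mitigation section fails where a URL scheme allowlist holds, and doubles as a scanner for the detection step, flagging every URL-bearing attribute in stored metadata that is not an http(s) URL. The metadata samples are constructed, the IdP host `idp.example.com` is hypothetical, and the attribute extraction is a minimal regex for the demo only; real metadata should go through a proper XML library.

```javascript
// Added example (not lunary's code): metadata-derived redirect targets,
// a bypassable blocklist, a scheme allowlist, and a metadata scanner.

// Constructed sample: IdP metadata carrying the injected javascript: payload
// in entityID (as in the brief) and in the HTTP-Redirect SSO Location.
const TAINTED_METADATA = `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="javascript:alert(document.cookie)//">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="javascript:alert(document.cookie)//"/>
  </IDPSSODescriptor>
</EntityDescriptor>`;

// Constructed sample: benign metadata from a hypothetical IdP.
const BENIGN_METADATA = `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>`;

// First value of a given attribute anywhere in the metadata (demo parser only).
function extractAttr(xml, attr) {
  const m = xml.match(new RegExp(`\\b${attr}="([^"]*)"`));
  return m ? m[1] : null;
}

// Vulnerable pattern: the metadata value becomes the redirect target as-is.
// In the browser, `window.location.href = target` with a javascript: URL
// runs the script in the application's origin instead of navigating.
function buildRedirectUnsafe(xml) {
  return extractAttr(xml, "Location");
}

// Blocklist "fix": removing the substring once is defeated by nesting it,
// because the pieces left behind re-form the scheme.
function stripJavascriptScheme(target) {
  return target.replace(/javascript:/gi, "");
}

// Allowlist: parse as an absolute URL and accept only http(s). The WHATWG
// URL parser lowercases the scheme and strips tabs/newlines before the
// protocol check, so case and whitespace tricks do not slip through.
// Returns the normalised URL, or null to reject.
function safeRedirectTarget(target) {
  let u;
  try { u = new URL(target); } catch { return null; }
  return u.protocol === "https:" || u.protocol === "http:" ? u.href : null;
}

// Detection helper: every URL-bearing attribute that fails the allowlist,
// for scanning stored IdP metadata after suspected tampering.
function findRejectedUrls(xml) {
  const rejected = [];
  for (const m of xml.matchAll(/\b(entityID|Location|ResponseLocation)="([^"]*)"/g)) {
    if (safeRedirectTarget(m[2]) === null) rejected.push({ attr: m[1], value: m[2] });
  }
  return rejected;
}

// Stand-alone demo.
console.log("unsafe redirect target:", buildRedirectUnsafe(TAINTED_METADATA));
console.log("blocklist bypass:", stripJavascriptScheme("javajavascript:script:alert(1)"));
console.log("allowlist, tainted:", safeRedirectTarget(buildRedirectUnsafe(TAINTED_METADATA)));
console.log("allowlist, benign:", safeRedirectTarget(buildRedirectUnsafe(BENIGN_METADATA)));
console.log("rejected attributes in tainted metadata:", findRejectedUrls(TAINTED_METADATA));
```

The allowlist is the part that matters: it decides on the parsed scheme, not on the raw string, so it rejects `javascript:`, `data:`, `vbscript:` and any future scheme alike, while `stripJavascriptScheme` only ever removes one spelling of one scheme. Run `findRejectedUrls` over the metadata you have stored for each IdP as a quick tamper check.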
Forensic Artifacts
- Logs: SAML metadata modifications in auth.log.
- Indicators: SAML login redirects whose target is not an http(s) URL (for example a `javascript:` value) in server logs or browser history; unusual `window.location` values in the browser console.
References:
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-0281