## https://sploitus.com/exploit?id=EF41786D-E29E-5093-AEDD-759AE5BAA17E
# SAMLStorm (CVE-2025-29775) Lab Environment

This is a lab environment for demonstrating the SAMLStorm vulnerability (CVE-2025-29775) that affects the xml-crypto library and SAML implementations in Node.js. (Note: This is not a true exploitation of the vulnerability, just a recreation to demonstrate how the vulnerability could work.)
## Components
- **Service Provider**: A vulnerable SAML service provider using @node-saml/node-saml
- **Identity Provider**: A simple mock SAML identity provider
- **Exploit Tool**: A web interface to demonstrate the vulnerability
## Setup
1. Make sure you have Node.js installed
2. Run the setup script:
```
python start-lab.py
```
This will:
- Generate necessary certificates
- Install dependencies
- Start all three components in separate terminals
## Usage
1. Go to the Service Provider: http://localhost:3000
2. Click "Login with SAML"
3. Enter credentials at the Identity Provider
4. Intercept the SAML response using browser dev tools or a proxy
5. Use the Exploit Tool at http://localhost:8000 to modify the response
6. Submit the modified response to demonstrate the vulnerability
## Vulnerability Details
The SAMLStorm vulnerability (CVE-2025-29775) affects the xml-crypto library, which is used by many SAML implementations in the Node.js ecosystem. The vulnerability allows attackers to bypass signature verification by inserting comments within the DigestValue element of a SAML response.
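
A defensive check for the condition described above, as an added example that is not part of this lab or of xml-crypto: it scans a raw SAML message and flags any `DigestValue` whose content is not a single base64 text run. The function name `inspectDigestValues`, the `wrap` helper and both sample fragments are constructed for illustration.

```javascript
// Added example (not lab or xml-crypto code): pre-validation check on a raw SAML message.
// A legitimate DigestValue holds one base64 text run; comments or other markup inside it
// are the condition this page describes, so treat them as a reason to reject and alert.

// DigestValue with any namespace prefix; group 1 is the raw inner content.
const DIGEST_RE = /<(?:[\w.-]+:)?DigestValue\b[^>]*>([\s\S]*?)<\/(?:[\w.-]+:)?DigestValue\s*>/g;
const BASE64_RE = /^[A-Za-z0-9+\/]+={0,2}$/;

function inspectDigestValues(xml) {
  const findings = [];
  let count = 0;
  for (const match of xml.matchAll(DIGEST_RE)) {
    count += 1;
    const inner = match[1];
    const reasons = [];
    if (inner.includes('<!--')) reasons.push('comment');
    if (inner.includes('<![CDATA[')) reasons.push('cdata');
    if (inner.includes('<?')) reasons.push('processing-instruction');
    if (/<[A-Za-z_]/.test(inner)) reasons.push('child-element');
    // Only judge the encoding when no markup is mixed in; line breaks are allowed.
    const text = inner.replace(/\s+/g, '');
    if (reasons.length === 0 && (text.length % 4 !== 0 || !BASE64_RE.test(text))) {
      reasons.push('not-base64');
    }
    if (reasons.length > 0) findings.push({ index: count, reasons });
  }
  // digestValues === 0 means nothing was signed here; the caller decides if that is acceptable.
  return { digestValues: count, suspicious: findings.length > 0, findings };
}

// Constructed fragments (digest is base64 of a placeholder string, not a real hash).
const wrap = (digestInner) =>
  '<ds:Reference URI="#_constructed"><ds:DigestMethod ' +
  'Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>' +
  `<ds:DigestValue>${digestInner}</ds:DigestValue></ds:Reference>`;
const CLEAN_SAMPLE = wrap('Y29uc3RydWN0ZWQtc2FtcGxlLWRpZ2VzdA==');
const COMMENT_SAMPLE = wrap('Y29uc3RydWN0ZWQt<!-- constructed -->c2FtcGxlLWRpZ2VzdA==');

console.log(JSON.stringify(inspectDigestValues(CLEAN_SAMPLE)));
console.log(JSON.stringify(inspectDigestValues(COMMENT_SAMPLE)));
```

Scanning the raw string is a coarse filter suited to logging and alerting in front of the service provider; it does not replace running a patched xml-crypto release.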

For more information:
- https://nvd.nist.gov/vuln/detail/CVE-2025-29775
- https://workos.com/blog/samlstorm