CVE-2025-29774 is a serious security vulnerability in the popular Node.js library xml-crypto, which is widely used to create and verify XML digital signatures in security-sensitive applications. Present in versions before 6.0.1, 3.2.1 and 2.1.6, the flaw can let an attacker fool your application’s authentication or authorization logic by getting it to trust manipulated XML data. In this long read, we’ll break down how the bug works, who’s at risk, a realistic attack scenario, examples, and what you should do right now to stay secure.

What is xml-crypto?

xml-crypto is a JavaScript library for Node.js for creating and verifying XML digital signatures (XMLDSig). It’s commonly used in:

- SAML single sign-on flows, where a relying party verifies assertions signed by an identity provider
- APIs integrating with third-party secure entities

See the project:
https://github.com/yaronn/xml-crypto

Description

In affected versions, xml-crypto fails to robustly check that the XML content you’re verifying is exactly what was signed. As a result, an attacker can modify a valid, signed XML message, such as an authentication token or SAML assertion, so that it still passes signature verification but says something very different from what the signer intended.

This class of flaw is often called an "XML Signature Wrapping" or "signature bypass" vulnerability.

Who Is at Risk?

If you use xml-crypto to verify signed XML in any authentication, authorization, or identity scenario, and haven’t upgraded to a fixed release, you may be at risk. This includes indirect use: SAML and SSO libraries commonly pull xml-crypto in as a dependency.

Setup

Example use case:
You run a Node.js server that accepts SAML assertions (XML-based) so users can log in as themselves.

You trust that only the real identity provider (IdP) can sign these SAML assertions, and you rely on xml-crypto to check the signature.

An attacker who already holds a valid account (Bob) then:

- Obtains a legitimately signed assertion for bob@example.com
- Modifies the XML to change the username to "alice@example.com"
- Exploits the bug in xml-crypto to bypass the signature check: the system still accepts the manipulated token as valid

Why Does This Work?

xml-crypto wasn’t reliably ensuring that the content it reported as verified was exactly the content the signature covered. Security-critical values in the signed XML (username, roles, entitlements) could therefore be altered after signing while the signature check still passed, opening the door to all sorts of abuse.

Vulnerable Node.js server code before patch

// keyInfoProvider is the xml-crypto 2.x / 3.x API; @xmldom/xmldom is the parser xml-crypto itself uses
const { SignedXml, xpath } = require('xml-crypto');
const { DOMParser } = require('@xmldom/xmldom');

function verifyXMLSignature(xmlString, publicKey) {
  // xml-crypto expects the <Signature> element, not the whole document
  const doc = new DOMParser().parseFromString(xmlString);
  const signature = xpath(doc,
    "//*[local-name(.)='Signature' and namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#']")[0];

  const sig = new SignedXml();
  sig.keyInfoProvider = {
    getKey: () => publicKey
  };
  sig.loadSignature(signature);
  return sig.checkSignature(xmlString);  // <-- vulnerable on xml-crypto before 2.1.6 / 3.2.1 / 6.0.1
}

Original signed assertion (abridged), with the only subject the IdP actually vouched for:

bob@example.com
...

Attacker’s modified copy, same signature, different subject:

alice@example.com
...

The attacker sends the modified XML to the target application. An unpatched xml-crypto may still report the signature as valid, so the app now believes the attacker is Alice rather than Bob.

- User impersonation: act as another user

- Authorization bypass: perform actions restricted to other roles or groups

Patch & Mitigation

Good News:
The library’s maintainers patched the bug quickly. Fixed releases, one per supported major line:

- For 6.x, upgrade to 6.0.1 or later
- For 3.x, upgrade to 3.2.1 or later
- For 2.x, upgrade to 2.1.6 or later

Link to fix:
xml-crypto changelog

Verify after upgrade:

- Check the installed version, including copies pulled in transitively by SAML or SSO libraries (npm ls xml-crypto), and make sure every copy is at or above the fixed release for its major line
- Rerun your SAML/auth tests, and include negative tests that submit a tampered assertion and expect it to be rejected
- Read identity and authorization claims only from the content the verifier reports as signed, not from the original document; xml-crypto 6.x exposes that content through getSignedReferences() (check the README for your version)

References & Further Reading

- NVD entry: CVE-2025-29774 (https://nvd.nist.gov/vuln/detail/CVE-2025-29774)
- xml-crypto on GitHub: https://github.com/yaronn/xml-crypto
- Full disclosure: xml-crypto authentication bypass
- OWASP: XML Signature Wrapping Attacks

In Summary

CVE-2025-29774 is very dangerous if you rely on xml-crypto for anything related to authentication or user rights. A valid signature only vouches for the bytes it covers; unless your verification logic ties the data you act on to exactly those bytes, a passing signature check says nothing about the rest of the document. Upgrade today, and add application-level checks on XML you process in security-sensitive flows: confirm that the element you read claims from is the one the signature covered, and reject documents with unexpected extra assertions or duplicate IDs.

*If you found this useful, please share with teammates and update your code dependencies!*

Timeline

Published on: 03/14/2025 17:15:52 UTC
Last modified on: 03/15/2025 21:15:35 UTC