Introduction
Account hijacking in enterprise Single Sign-On (SSO) environments can lead to unauthorized access to sensitive business applications and data. A recent vulnerability in the Siemens Mendix SAML module (CVE-2025-40758) exposes organizations to this risk by allowing attackers to bypass signature validation in SAML authentication flows.
Siemens is a global leader in industrial automation and digitalization, with Mendix as its flagship low-code application platform. Mendix is widely used in critical infrastructure sectors, making vulnerabilities in its authentication modules particularly impactful for large enterprises and public sector organizations.
Technical Information
CVE-2025-40758 is a flaw in the Mendix SAML module's enforcement of signature validation and binding checks. Specifically, the module does not sufficiently verify the cryptographic signature on SAML assertions or responses. This improper verification, categorized as CWE-347 (Improper Verification of Cryptographic Signature), allows an unauthenticated remote attacker to craft SAML messages that bypass signature validation. In vulnerable SSO configurations, this can result in full account hijacking without any user interaction.
The vulnerability is present in the core SAML authentication logic and affects all Mendix SAML modules prior to the fixed versions. The attack surface includes any network-accessible SAML endpoint configured for SSO. No user interaction is required for exploitation, and the flaw is remotely exploitable. No public code snippets or proof-of-concept are available for this issue.
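To illustrate the enforcement that CWE-347 describes as missing, the following is an added example of a service-provider-side acceptance policy for a SAML Response; it is not Mendix code and does not reflect how the module is implemented. It performs only structural checks (a signature must be bound to the Assertion or Response being consumed, Destination and Audience must match this SP) before the message is handed to a real XML-DSig verifier; the ACS URL, audience and sample messages are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def signature_covers(element):
    # True only if an enveloped ds:Signature sits on `element` and its Reference
    # URI names that element's own ID, i.e. the signature is bound to this node.
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + element.get("ID", "")

def check_saml_response(xml_text, acs_url, audience):
    # Returns policy violations; an empty list means the message may go to the XML-DSig
    # verifier, which must still check the signature bytes against the IdP certificate.
    root = ET.fromstring(xml_text)  # production code: parse with defusedxml instead
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not a samlp:Response"]
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion, got %d" % len(assertions)]
    assertion = assertions[0]
    # The core CWE-347 rule: never consume an Assertion that no signature covers.
    if not (signature_covers(assertion) or signature_covers(root)):
        problems.append("no signature bound to the Assertion or Response")
    aud = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or aud.text != audience:
        problems.append("AudienceRestriction missing or not for this SP")
    return problems

# Constructed sample (not a real IdP message): signed Assertion for our SP.
SIGNED = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1"
  Destination="https://app.example.test/SSO/assertion">
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://app.example.test/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
# Same message without its Signature element: the policy must reject it.
UNSIGNED = SIGNED.replace('<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>', "")
```

A module that skips the "no signature bound" rule, or accepts a Reference URI pointing at some other node, is exactly the condition under which forged messages pass.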
Affected Systems and Versions
- Mendix SAML (Mendix 9.24 compatible): All versions before V3.6.21
- Mendix SAML (Mendix 10.12 compatible): All versions before V4.0.3
- Mendix SAML (Mendix 10.21 compatible): All versions before V4.1.2
Vulnerable configurations include any SSO setup using the affected SAML modules.
Vendor Security History
Siemens Mendix SAML modules have previously been affected by similar authentication and signature validation vulnerabilities. For example, CVE-2023-25957 involved insufficient assertion verification and was rated with a high CVSS score. Siemens typically responds with advisories and patches through its ProductCERT process. However, the recurrence of SAML-related flaws suggests ongoing architectural and implementation challenges in this area.
