CVE-2025-59270
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-59270
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-59270.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-59270
- Published
- 2025-09-16T15:15:46Z
- Modified
- 2025-09-18T04:48:35.684114Z
- Summary
- [none]
- Details
-
psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.
- References
-
- https://github.com/pspete/psPAS/commit/2a8b1b4bc001bec9969ea512ed83386ed3e0b8f8#diff-e40bf02e86c8a8babbb20529ecaef6a069d8b5ea21701dca429dce78181109a7L37-R75
- https://github.com/pspete/psPAS/releases/tag/v7.0.209
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-258-01.json
- https://www.cve.org/CVERecord?id=CVE-2025-59270
Affected packages
Git / github.com/pspete/pspas
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pspete/pspas
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
v3.*
v3.5.0
v3.5.8
v4.*
v4.0.0
v4.1.11
v4.2.26
v4.3.62
v4.3.65
v4.4.71
v4.5.87
v4.5.90
v5.*
v5.0.0
v5.1.16
v5.1.21
v5.1.37
v5.1.44
v5.2.52
v5.2.54
v5.2.59
v5.3.69
v5.3.76
v5.4.101
v5.4.94
v5.5.110
v5.6.135
v6.*
v6.0.18
v6.0.2
v6.0.21
v6.0.30
v6.0.4
v6.1.50
v6.1.62
v6.2.68
v6.3.78
v6.4.80
v6.4.85