All news with #mendix tag

Siemens Mendix SAML Module: Signature Verification Flaw

⚠️ The Siemens Mendix SAML module contains an improper verification of cryptographic signature that can be exploited remotely and has been assigned CVE-2025-40758 with a CVSS v3.1 base score of 8.7. Affected versions prior to V3.6.21, V4.0.3, and V4.1.2 (depending on Mendix compatibility) may allow unauthenticated attackers to hijack accounts in specific SSO configurations. Siemens recommends updating to the fixed versions, enabling UseEncryption, and reducing network exposure using firewalls and secure VPNs.