CVE-2025-8662
Published: September 2, 2025 / Updated: September 2, 2025
Severity Rating: Low
CVSS Score: 2.3
Affected Products: OpenAM 14.0.1 or earlier
Description
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request.
Impact
Tampering with request parameters may modify OpenAM’s internal cache, causing the SAML IdP to not function properly.
Solution
The OpenAM Consortium has released OpenAM 14.0.2, which addresses the vulnerability. Please update to the released OpenAM version.
Workaround
Configure only one trust circle in the “Trust Circle” settings under “Integration” in OpenAM (OpenAM Consortium Edition).