psPAS PowerShell module does not explicitly enforce TLS 1.2 within the 'Get-PASSAMLResponse' function during the SAML authentication process. An unauthenticated attacker in a 'Man-in-the-Middle' position could manipulate the TLS handshake and downgrade TLS to a deprecated protocol. Fixed in 7.0.209.

Related CVEs

CVE-2025-59270

Key Information

GHSA ID

GHSA-9f77-473j-cjg2

Published

September 16, 2025 3:32 PM

Last Modified

September 16, 2025 3:32 PM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 19, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.