CVE-2026-46491
SimpleSAMLphp · casserver
A path traversal vulnerability in the SimpleSAMLphp-casserver module allows attackers to read files outside the ticket storage directory and potentially execute arbitrary code via malicious manipulation of file-based tickets.
Executive summary
The SimpleSAMLphp-casserver module is vulnerable to path traversal and remote code execution, requiring an immediate update to version 7.0.3.
Vulnerability
The vulnerability stems from improper input validation and path construction in the file-based ticket storage. An attacker can supply a ticket identifier containing path traversal sequences (for example ../target.serialized) so that the module reads and unserializes files outside the intended ticket directory, which facilitates remote code execution.
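The pattern described above, shown as an added illustration that is not SimpleSAMLphp-casserver's own code: a minimal file-based ticket store that builds a path from a caller-supplied ticket id, first in the vulnerable shape (unchecked concatenation followed by unserialize) and then hardened. The class names, the ticket-id format, the `.serialized` suffix and PHP 8.x features (`str_starts_with`, constructor promotion) are assumptions for the example.

```php
<?php
declare(strict_types=1);

// Added illustration, not the project's code. Class names, ticket-id format
// and the ".serialized" suffix are assumptions made for this example.

final class UnsafeFileTicketStore
{
    public function __construct(private string $dir) {}

    // Vulnerable shape as the advisory describes it: the ticket id is
    // concatenated into a path with no validation and then unserialized,
    // so "../target" escapes the store and objects of any class are revived.
    public function get(string $ticketId): mixed
    {
        $path = $this->dir . '/' . $ticketId . '.serialized';
        return unserialize((string) file_get_contents($path));
    }
}

final class SafeFileTicketStore
{
    // Allow-list for ticket ids (assumed format): a known CAS prefix followed
    // by URL-safe characters only. No '/', '\', '.' or NUL can pass.
    private const TICKET_RE = '/\A(ST|PT|PGT|TGT|PGTIOU)-[A-Za-z0-9_\-]{1,256}\z/';

    private string $dir;

    public function __construct(string $dir)
    {
        $real = realpath($dir);
        if ($real === false || !is_dir($real)) {
            throw new RuntimeException('ticket directory does not exist');
        }
        $this->dir = $real;
    }

    public function pathFor(string $ticketId): string
    {
        // 1. Validate the identifier before it touches the filesystem.
        if (!preg_match(self::TICKET_RE, $ticketId)) {
            throw new InvalidArgumentException('malformed ticket id');
        }
        $path = $this->dir . DIRECTORY_SEPARATOR . $ticketId . '.serialized';

        // 2. Defence in depth: the resolved path must still lie inside the
        //    store directory (covers symlinks planted inside the store).
        $real = realpath($path);
        if ($real !== false && !str_starts_with($real, $this->dir . DIRECTORY_SEPARATOR)) {
            throw new RuntimeException('ticket path escapes store');
        }
        return $path;
    }

    public function get(string $ticketId): ?array
    {
        $path = $this->pathFor($ticketId);
        if (!is_file($path)) {
            return null;
        }
        // 3. Never revive arbitrary objects: allowed_classes=false turns any
        //    object payload into __PHP_Incomplete_Class; tickets are plain arrays.
        $data = unserialize((string) file_get_contents($path), ['allowed_classes' => false]);
        return is_array($data) ? $data : null;
    }
}

// Demo against a temporary store directory with one constructed ticket.
$dir = sys_get_temp_dir() . '/ticketstore-demo-' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . '/ST-abc123.serialized',
    serialize(['user' => 'alice', 'validBefore' => time() + 300]));

$store = new SafeFileTicketStore($dir);
$ticket = $store->get('ST-abc123');
echo 'valid ticket user: ' . ($ticket['user'] ?? 'none') . "\n";

foreach (['../target', 'ST-../target', "ST-abc\0"] as $bad) {
    try {
        $store->get($bad);
        echo "accepted (should not happen)\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}

unlink($dir . '/ST-abc123.serialized');
rmdir($dir);
```

The allow-list is the control that actually closes the traversal; the `realpath` containment check and `allowed_classes => false` are independent layers so that a future change to the id format, or a symlink inside the store, does not reopen file read or object injection.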
Business impact
The CVSS score of 8.6 reflects the severe risk of remote code execution, which could allow an attacker to gain full control over the underlying server. This could lead to a complete compromise of authentication services, data exfiltration, and significant reputational damage to organizations relying on this CAS implementation.
Remediation
Immediate Action: Update the SimpleSAMLphp-casserver module to version 7.0.3 or higher without delay.
Proactive Monitoring: Monitor server logs for suspicious file access patterns, particularly those involving directory traversal sequences or attempts to access serialized files outside the designated ticket storage directory.
Compensating Controls: Implement a Web Application Firewall (WAF) with rules configured to block path traversal attempts and suspicious serialized data patterns.
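To make the monitoring recommendation concrete, the following is an added example (not part of the advisory or the project) of a small log scan: it parses constructed web-server access-log lines, picks out requests to CAS validation endpoints, and flags any `ticket` parameter that contains traversal sequences, path separators or characters outside a plausible ticket alphabet. The log lines, the `/cas/...` URL paths and the ticket-id format are assumptions; the CAS endpoint names (`serviceValidate`, `validate`, `proxyValidate`) come from the CAS protocol. PHP 8.x is assumed for `str_contains`.

```php
<?php
declare(strict_types=1);

// Constructed sample access-log lines (combined log format); not real traffic.
// The "/cas/..." paths are an assumption about how the module is mounted.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - - [10/May/2026:10:01:02 +0000] "GET /cas/serviceValidate?service=https%3A%2F%2Fapp.example%2F&ticket=ST-1a2b3c HTTP/1.1" 200 512
203.0.113.9 - - [10/May/2026:10:01:07 +0000] "GET /cas/serviceValidate?service=https%3A%2F%2Fapp.example%2F&ticket=../target HTTP/1.1" 500 0
203.0.113.9 - - [10/May/2026:10:01:09 +0000] "GET /cas/validate?service=x&ticket=..%2F..%2Ftarget HTTP/1.1" 500 0
198.51.100.7 - - [10/May/2026:10:02:00 +0000] "GET /cas/proxyValidate?service=x&ticket=PT-9z8y7x HTTP/1.1" 200 498
198.51.100.7 - - [10/May/2026:10:02:03 +0000] "GET /cas/login?service=https%3A%2F%2Fapp.example%2F HTTP/1.1" 302 0
LOG;

// A ticket value is suspicious if, after URL-decoding, it carries traversal
// or separator characters or does not look like a CAS ticket id at all.
function isSuspiciousTicket(string $rawTicket): bool
{
    // Decode a few times so %2e%2e%2f and double-encoded variants normalise.
    $t = $rawTicket;
    for ($i = 0; $i < 3; $i++) {
        $d = rawurldecode($t);
        if ($d === $t) {
            break;
        }
        $t = $d;
    }
    if (str_contains($t, '..') || str_contains($t, '/') || str_contains($t, '\\') || str_contains($t, "\0")) {
        return true;
    }
    // Assumed ticket-id format: CAS prefix plus URL-safe characters.
    return !preg_match('/\A(ST|PT|PGT|TGT|PGTIOU)-[A-Za-z0-9_\-]+\z/', $t);
}

// Returns one record per request to a CAS validation endpoint whose ticket
// parameter is suspicious.
function findSuspiciousRequests(string $log): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) [^"]*" (\d{3})/', $line, $m)) {
            continue; // not a line in the expected format
        }
        [, $ip, $ts, $target, $status] = $m;
        $path  = (string) (parse_url($target, PHP_URL_PATH) ?? '');
        $query = (string) (parse_url($target, PHP_URL_QUERY) ?? '');
        // Only the validation endpoints consume a ticket id.
        if (!preg_match('~/(serviceValidate|validate|proxyValidate)(\.php)?$~', $path)) {
            continue;
        }
        // Read the raw ticket parameter ourselves; parse_str would decode it early.
        if (!preg_match('/(?:^|&)ticket=([^&]*)/', $query, $tm)) {
            continue;
        }
        if (isSuspiciousTicket($tm[1])) {
            $hits[] = ['ip' => $ip, 'time' => $ts, 'ticket' => $tm[1], 'status' => (int) $status];
        }
    }
    return $hits;
}

foreach (findSuspiciousRequests(SAMPLE_LOG) as $h) {
    printf("ALERT %s %s ticket=%s status=%d\n", $h['time'], $h['ip'], $h['ticket'], $h['status']);
}
```

Run the script over a real access log by replacing the constant with the file contents; a 5xx status on the flagged requests is a useful secondary signal, since a traversed path that does not point at a valid serialized file typically makes the unserialize step fail.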
Exploitation status
Public Exploit Available: true
Analyst recommendation
The presence of a public exploit significantly increases the risk of active targeting. Security teams should prioritize patching this vulnerability immediately to prevent unauthorized access and potential system takeover.