ProjectDiscovery contributors submitted new Nuclei detection templates for two newly tracked vulnerabilities: CVE-2025-27364, described as an unauthenticated remote code execution flaw in MITRE Caldera, and CVE-2025-25291, an authentication bypass issue in ruby-saml affecting GitLab SAML SSO deployments. The references indicate both issues were significant enough to prompt rapid addition of scanning coverage in the public nuclei-templates repository.
Available details remain limited because the source material is drawn from GitHub pull request metadata rather than full advisories, but the vulnerability labels point to potentially high-impact exposure in identity and adversary-emulation infrastructure. Security teams using GitLab SAML single sign-on or MITRE Caldera should track vendor guidance, validate exposure to CVE-2025-25291 and CVE-2025-27364, and prepare to use updated detection content as part of vulnerability assessment workflows.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
A reference described CVE-2025-27364 as an unauthenticated remote code execution vulnerability affecting MITRE Caldera. The available content was limited to a pull request context and did not include exploitation details, impact scope, or patch information.
A reference associated CVE-2025-25291 with an authentication bypass vulnerability in ruby-saml impacting GitLab SAML single sign-on. No further technical details, affected versions, or remediation information were provided in the source fragment.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
github.com
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.