
Illumio Security Advisories

March 2025 Security Advisories

Here's a list of the security advisories for 2025.

Ruby SAML Gem Component Authentication Bypass Vulnerability

The Ruby SAML gem is affected by an authentication bypass vulnerability. This impacts the Illumio PCE in both SaaS and on-premises deployments. An authenticated attacker could potentially leverage this vulnerability to authenticate as another SAML user.

For SaaS customers, the target user could be in a different organization and on a different cluster.

Important

No action is required for SaaS PCE customers.

Severity

High: CVSS score 8.8

CVSS 4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Affected Products and Patch Information

Security vulnerabilities addressed by this Security Alert affect the products listed below.

Table 1. Products Affected by the Security Vulnerability

Affected Products     Affected Versions     Fixed Version
Illumio Core PCE      24.2.20               24.2.21
                      23.5.31               23.5.32
                      23.2.31               23.2.32
                      22.5.34               22.5.35
                      22.2.43               22.2.44



Resolution

Upgrade to the latest release for a given major version.
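As an added example, not Illumio's own tooling, the following Python script encodes Table 1 and the resolution above so that an inventory of PCE version strings can be triaged quickly. It classifies each version by its branch (major.minor, which is how the table is organised) as fixed when it is at or above the fixed release, affected when it is below it, and not listed when the branch does not appear in the table. The one assumption, stated in the code as well, is that every release on a listed branch below the fixed version is treated as affected, which is the conservative reading of "upgrade to the latest release for a given major version". The sample inventory at the bottom is constructed.

```python
"""Triage helper for the Illumio Core PCE versions listed in this advisory.

Added example, not Illumio tooling. It encodes Table 1 from the advisory and
classifies a PCE version string as 'affected', 'fixed' or 'not listed'.
Assumption: any release on a listed branch that is below the fixed version is
treated as affected, because the advisory's resolution is to upgrade to the
latest release for the branch.
"""

# Table 1 from the advisory: branch -> (affected version, fixed version).
FIXED_VERSIONS = {
    "24.2": ("24.2.20", "24.2.21"),
    "23.5": ("23.5.31", "23.5.32"),
    "23.2": ("23.2.31", "23.2.32"),
    "22.5": ("22.5.34", "22.5.35"),
    "22.2": ("22.2.43", "22.2.44"),
}


def parse_version(version: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH[.EXTRA]' into a tuple of ints for comparison.

    Raises ValueError for anything that is not purely numeric and dotted, so a
    typo such as '24.2.20a' fails loudly instead of being compared as text.
    """
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised PCE version: {version!r}")
    return tuple(int(p) for p in parts)


def classify(version: str) -> str:
    """Return 'affected', 'fixed' or 'not listed' for one PCE version string."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    entry = FIXED_VERSIONS.get(branch)
    if entry is None:
        # Branch is not in Table 1; do not guess, report it for manual review.
        return "not listed"
    _, fixed = entry
    # Tuple comparison is numeric per component, so 24.2.100 > 24.2.21.
    if parsed >= parse_version(fixed):
        return "fixed"
    # Below the fixed release on a listed branch: treat as affected (assumption).
    return "affected"


def triage(versions):
    """Classify every version in an inventory and return {version: status}."""
    return {v: classify(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real customer data.
    inventory = ["24.2.20", "24.2.21", "23.5.30", "23.5.32", "22.2.44", "21.5.10"]
    for v, status in triage(inventory).items():
        print(f"{v:<10} {status}")
```

Feed it the version strings from each PCE you operate; anything reported as affected or not listed needs attention before the SAML mitigations in the FAQ are relied on.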

References

Skipped Critical Patch Updates

Illumio strongly recommends that you apply the security patches as soon as possible. If you skipped one or more Critical Patch Updates and are concerned about products that do not have security patches announced in this update, review the previous advisories to determine appropriate actions.

Frequently Asked Questions

  • What software components are affected?

    Only the Illumio PCE is impacted by this vulnerability.

  • Is Core SaaS affected?

    SaaS PCE clusters were impacted. Those environments have been patched.

  • I’m using CloudSecure. Am I impacted?

    The CloudSecure platform is not affected.

  • Will the patch affect performance?

    The update is not expected to affect performance.

  • Has Illumio investigated if this vulnerability was used on any SaaS PCEs?

    Illumio is currently investigating all available data from the production SaaS environment and has so far found no indications that the issue has been exploited.

  • I can't apply the patch immediately. How can I mitigate the issue in the meantime?

    This vulnerability can only be exploited if SAML authentication is enabled on the customer's PCE. Customers who cannot patch their PCEs immediately, and who wish to mitigate the issue, can disable SAML authentication on the PCE. For details, see the "Authentication" topic in the PCE Administration Guide.

    Additionally, customers can enable source IP restrictions to limit access to trusted source IPs (for example, for privileged accounts). See the topic "Configure Access Restrictions and Trusted Proxy IPs" in the PCE Administration Guide. Source IP restrictions reduce who can reach the PCE login endpoint but do not remove the underlying flaw; they are a stopgap until the fixed release is installed.

  • How long will the upgrade take?

    The fix will be provided in a normal code release so this will take the same amount of time as any PCE upgrade.

  • Were any Illumio customers impacted by this vulnerability?

    Illumio is not aware of any exploitation of this vulnerability within any customer environments.

Modification History

  • March 2025: Initial publication