Overview

Zscaler has disclosed a critical vulnerability (CVE-2025-54982) in its Security Assertion Markup Language (SAML) authentication process, stemming from improper server-side cryptographic signature verification. This flaw could allow attackers to bypass authentication mechanisms and gain unauthorized access. While there are currently no confirmed reports of exploitation in the wild, the vulnerability represents a serious risk, particularly for organizations operating under FedRAMP Moderate and High standards.


Affected Devices

The vulnerability affects the Zscaler Internet Access (ZIA) platform within the following FedRAMP environments:

  • zscalergov.net
  • zpagov.net
  • zscalerten.net
  • zdxgov.net
  • zpagov.us
  • zdxten.net

All other Zscaler products have been confirmed as unaffected. Zscaler has completed remediation efforts across all impacted cloud environments.


Recommended Remediations

ctrl:cyber strongly recommends the following actions to mitigate risk:

  • Apply Zscaler’s patch to all affected SAML components within the ZIA platform without delay.
  • Rotate all credentials associated with affected SAML components as a precaution.
  • Enable multi-factor authentication (MFA) across all ZIA accounts.