SB20250115109 - Improper Authentication in sentry

Published: January 15, 2025
Updated: April 23, 2026

Security Bulletin ID: SB20250115109
Severity: High
Patch available: Yes
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Improper Authentication (CVE-ID: CVE-2025-22146)

The vulnerability allows a remote attacker to impersonate any user account.

The vulnerability exists due to improper authentication in the SAML SSO process when a SAML assertion issued by a malicious identity provider is handled across organizations on the same Sentry instance. A remote attacker who controls a SAML identity provider for another organization on the same Sentry instance can use it to impersonate any user account.

The victim's email address must be known to exploit this vulnerability. Instances configured to allow only a single organization are not affected.
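The flaw described above belongs to a class of SAML bugs in which the service resolves the assertion subject (here, an email address) to a user without first binding the assertion to the organization whose identity provider the login is meant to go through. The following Python block is an added illustration written for this bulletin; it is not Sentry's code, the organization slugs, issuer URLs and user emails are constructed, and the resolution logic is an assumed generic pattern rather than Sentry's implementation. It places a weak resolver beside a scoped one that checks issuer binding, assertion audience and per-organization identity linkage, so the difference in outcome on a cross-organization assertion is visible.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class SamlAssertion:
    """Fields of an already signature-verified SAML assertion (constructed model)."""
    issuer: str    # entityID of the identity provider that signed it
    audience: str  # organization (service provider) the assertion was minted for
    name_id: str   # subject identifier; an email address in this model


@dataclass(frozen=True)
class Organization:
    slug: str
    idp_issuer: str  # the single IdP entityID this organization trusts


@dataclass(frozen=True)
class User:
    email: str
    org_slug: str    # organization in which this SSO identity is linked


class AuthError(Exception):
    pass


# Constructed sample data: two tenants on one instance. The second tenant's IdP
# is under someone else's control; the victim account exists only in "alpha".
ORGS: Dict[str, Organization] = {
    "alpha": Organization("alpha", "https://idp.alpha.example"),
    "beta": Organization("beta", "https://idp.beta.example"),
}
USERS: List[User] = [
    User("victim@alpha.example", "alpha"),
    User("member@beta.example", "beta"),
]


def resolve_user_weak(a: SamlAssertion, orgs=ORGS, users=USERS) -> User:
    """Flawed pattern (assumed, not Sentry's code): any IdP registered anywhere on
    the instance is trusted, and the subject is matched by email instance-wide."""
    if a.issuer not in {o.idp_issuer for o in orgs.values()}:
        raise AuthError("unknown issuer")
    for u in users:
        if u.email == a.name_id:
            return u
    raise AuthError("no user with that email")


def resolve_user_scoped(a: SamlAssertion, org_slug: str, orgs=ORGS, users=USERS) -> User:
    """Hardened pattern: the login flow names the organization being entered, and
    the assertion is accepted only if it was issued by that organization's IdP,
    is audienced to that organization, and names an identity linked there."""
    org = orgs.get(org_slug)
    if org is None:
        raise AuthError("unknown organization")
    if a.issuer != org.idp_issuer:
        raise AuthError("issuer is not the identity provider bound to this organization")
    if a.audience != org.slug:
        raise AuthError("assertion audience does not match this organization")
    for u in users:
        if u.org_slug == org.slug and u.email == a.name_id:
            return u
    raise AuthError("no SSO identity linked for that subject in this organization")


def outcome(fn, *args) -> str:
    """Run a resolver and summarise the result as 'accepted:<email>' or 'rejected:<reason>'."""
    try:
        return "accepted:" + fn(*args).email
    except AuthError as e:
        return "rejected:" + str(e)


# Constructed assertions: one genuine, one minted by the other tenant's IdP but
# carrying the alpha user's email as the subject.
GENUINE = SamlAssertion("https://idp.alpha.example", "alpha", "victim@alpha.example")
CROSS_ORG = SamlAssertion("https://idp.beta.example", "beta", "victim@alpha.example")

if __name__ == "__main__":
    print("weak,   genuine        :", outcome(resolve_user_weak, GENUINE))
    print("weak,   cross-org      :", outcome(resolve_user_weak, CROSS_ORG))
    print("scoped, genuine, alpha :", outcome(resolve_user_scoped, GENUINE, "alpha"))
    print("scoped, cross-org, alpha:", outcome(resolve_user_scoped, CROSS_ORG, "alpha"))
    print("scoped, cross-org, beta :", outcome(resolve_user_scoped, CROSS_ORG, "beta"))
```

The weak resolver accepts the cross-organization assertion because the only facts it consults are "some organization on this instance trusts this issuer" and "some user has this email". The scoped resolver fails it twice over: when the login targets the victim's organization, the issuer is not that organization's bound IdP; when the login targets the attacker-controlled organization instead, the subject has no identity linked there. That second check is the one that keeps an email-based subject from crossing tenant boundaries even if issuer binding were somehow bypassed, and it also matches the bulletin's note that single-organization instances are unaffected: with one organization there is no second IdP to be trusted and no foreign scope to resolve into.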


Remediation

Install the update from the vendor's website.