Improper Authentication in sentry - CVE-2025-22146

Published: January 15, 2025 / Updated: April 23, 2026


Vulnerability identifier: #VU126923
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-22146
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sentry
Affected software:
sentry

Detailed vulnerability description

The vulnerability allows a remote attacker to impersonate any user account.

The vulnerability exists due to improper authentication in the SAML SSO process when handling SAML authentication from a malicious identity provider across organizations on the same Sentry instance. A remote attacker can use a malicious SAML identity provider and another organization on the same Sentry instance to impersonate any user account.

The victim email address must be known to exploit this vulnerability. Instances configured to allow only a single organization are not affected.
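The following is an added illustration of the authentication weakness described above, not code from Sentry or from this advisory. It models a simplified, hypothetical multi-organization SAML login: a weak resolver that binds the assertion to an account by email alone (so an assertion from another organization's identity provider matches a known email), beside a hardened resolver that only accepts assertions from the identity provider configured for the organization being logged into and only matches identities linked to that same provider. All names and data are constructed.

```python
# Hypothetical model of cross-organization SAML identity binding (added example,
# not Sentry's code). Assumption: each organization on the instance has its own
# SAML provider, and a login attempt carries the issuing provider, the target
# organization and the asserted email.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class AuthProvider:
    org: str         # organization this provider is configured for
    entity_id: str   # IdP entity ID trusted by that organization


@dataclass(frozen=True)
class AuthIdentity:
    user: str
    email: str
    provider: AuthProvider  # provider that originally linked this identity


# Constructed sample data: two organizations on one instance, each with its own IdP.
CORP_IDP = AuthProvider("corp", "https://idp.corp.example/saml")
OTHER_IDP = AuthProvider("other-org", "https://idp.other.example/saml")
IDENTITIES: List[AuthIdentity] = [
    AuthIdentity("alice", "alice@corp.example", CORP_IDP),
]


def resolve_user_weak(issuer: AuthProvider, email: str) -> Optional[str]:
    """Weak (CWE-287 pattern): the issuing provider is ignored and the account is
    chosen by email alone, so an assertion from any organization's IdP that
    carries a known email resolves to that user's account."""
    for ident in IDENTITIES:
        if ident.email == email:
            return ident.user
    return None


def resolve_user_strict(issuer: AuthProvider, target_org: str, email: str) -> Optional[str]:
    """Hardened: the assertion must come from the provider configured for the
    organization being logged into, and the identity must be bound to that same
    provider. An assertion from a foreign IdP yields no match, even for a known email."""
    if issuer.org != target_org:
        return None
    for ident in IDENTITIES:
        if ident.provider == issuer and ident.email == email:
            return ident.user
    return None
```

The weak resolver is the behaviour a defender should look for in code review: any identity lookup keyed on the asserted email without also checking which organization's provider issued the assertion.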


How to mitigate CVE-2025-22146

Install the security update from the vendor's website.

Sources