#VU126923 Improper Authentication in sentry - CVE-2025-22146
Published: January 15, 2025 / Updated: April 23, 2026
Vulnerability identifier: #VU126923
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-22146
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
sentry
sentry
Software vendor:
Sentry
Sentry
Description
The vulnerability allows a remote attacker to impersonate any user account.
The vulnerability exists due to improper authentication in the SAML SSO process when handling SAML authentication from a malicious identity provider across organizations on the same Sentry instance. A remote attacker can use a malicious SAML identity provider and another organization on the same Sentry instance to impersonate any user account.
The victim email address must be known to exploit this vulnerability. Instances configured to allow only a single organization are not affected.
Remediation
Install security update from vendor's website.