Siemens Mendix SAML Vulnerability Requires Urgent Patching
August 19, 2025 • César Daniel Barreto

Image credit: Photo by Rebecca Wang / CC BY 4.0
Security teams should know that CISA has issued an alert about a critical flaw in the Siemens Mendix SAML module, rated at a base score of about 8.7 on the CVSS scale. The flaw lets attackers bypass signature validation in SSO setups. CVE-2025-40758 undermines the cryptographic verification that is supposed to protect SAML assertions, so an attacker can take over accounts remotely, with no user interaction, wherever your SSO endpoints are exposed.
CVE-2025-40758 affects several versions of the SAML module: versions before V3.6.21 for Mendix 9.24, before V4.0.3 for Mendix 10.12, and before V4.1.2 for Mendix 10.21. What is worrying is that Mendix platforms are deeply entrenched in critical environments, so this is not just about small web apps; think of large industrial systems and business-critical applications.
Patch to those fixed versions. Security teams should also make sure the “UseEncryption” option is enabled in the SAML configuration, since that is reportedly important even after updating. The vulnerability stems from weak signature validation checks, which means authentication effectively collapses; exposed endpoints need to be shielded with network controls quickly.
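As an added illustration (not code from Siemens, Mendix or the article), here is a small Python audit helper that compares an inventory of Mendix applications against the fixed SAML module versions listed above and flags applications where UseEncryption is off. The inventory record layout (name, Mendix version, SAML module version, UseEncryption flag) and the sample entries are assumptions constructed for the example; Mendix lines not in the article's list are reported for manual checking against SSA-395458 rather than assumed safe.

```python
"""Inventory audit for CVE-2025-40758 (Siemens Mendix SAML module).

Added example, not code from Siemens, Mendix or the article's author. The
fixed-version table comes from the version list in the article; the inventory
record layout (name / mendix_version / saml_module_version / use_encryption)
is an assumption for this illustration, and the sample inventory at the
bottom is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Fixed SAML module version per affected Mendix release line (from the article).
FIXED_SAML_VERSION: dict[str, tuple[int, ...]] = {
    "9.24": (3, 6, 21),
    "10.12": (4, 0, 3),
    "10.21": (4, 1, 2),
}


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'V3.6.20', 'v3.6.20' or '3.6.20' into (3, 6, 20) for comparison."""
    m = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def mendix_line(mendix_version: str) -> str:
    """Reduce a full Mendix runtime version such as '10.12.4' to its '10.12' line."""
    parts = parse_version(mendix_version)
    if len(parts) < 2:
        raise ValueError(f"need at least major.minor: {mendix_version!r}")
    return f"{parts[0]}.{parts[1]}"


def is_vulnerable_version(mendix_version: str, saml_module_version: str) -> bool | None:
    """True if the SAML module is below the fixed version for that Mendix line.

    Returns None when the Mendix line is not in the table: the article only
    lists 9.24, 10.12 and 10.21, so other lines must be checked against the
    Siemens advisory (SSA-395458) rather than assumed safe.
    """
    fixed = FIXED_SAML_VERSION.get(mendix_line(mendix_version))
    if fixed is None:
        return None
    return parse_version(saml_module_version) < fixed


@dataclass(frozen=True)
class Finding:
    app: str
    severity: str  # "critical", "high" or "info"
    message: str


def audit_app(app: dict) -> list[Finding]:
    """Produce findings for one application record (assumed layout, see docstring)."""
    findings: list[Finding] = []
    name = app["name"]
    line = mendix_line(app["mendix_version"])
    status = is_vulnerable_version(app["mendix_version"], app["saml_module_version"])
    if status is None:
        findings.append(Finding(name, "info",
            f"Mendix {line} is not in the advisory summary; verify against SSA-395458"))
    elif status:
        fixed = ".".join(str(p) for p in FIXED_SAML_VERSION[line])
        findings.append(Finding(name, "critical",
            f"SAML module {app['saml_module_version']} is below fixed V{fixed} "
            f"for Mendix {line}: affected by CVE-2025-40758"))
    # The article says UseEncryption should be on even after patching, so the
    # flag is checked independently of the version result.
    if not app.get("use_encryption", False):
        findings.append(Finding(name, "high",
            "UseEncryption is disabled in the SAML configuration"))
    return findings


def audit_inventory(apps: list[dict]) -> list[Finding]:
    """Run audit_app over every record and return all findings, worst first."""
    order = {"critical": 0, "high": 1, "info": 2}
    results = [f for app in apps for f in audit_app(app)]
    return sorted(results, key=lambda f: (order[f.severity], f.app))


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    {"name": "erp-portal", "mendix_version": "9.24.7",
     "saml_module_version": "V3.6.20", "use_encryption": False},
    {"name": "plant-dashboard", "mendix_version": "10.12.4",
     "saml_module_version": "V4.0.3", "use_encryption": True},
    {"name": "hr-self-service", "mendix_version": "10.21.0",
     "saml_module_version": "V4.1.1", "use_encryption": True},
    {"name": "legacy-intranet", "mendix_version": "8.18.0",
     "saml_module_version": "V2.3.0", "use_encryption": False},
]

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(f"[{finding.severity.upper():8}] {finding.app}: {finding.message}")
```

Run against the constructed inventory, the helper reports two critical findings (erp-portal and hr-self-service run SAML modules below the fixed version for their line), two high findings for UseEncryption being off, and one info finding for the Mendix 8.18 app, whose line is not in the article's list and therefore needs a manual check against the advisory.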
No public exploit has surfaced yet, but given the nature of this flaw it is only a matter of time before one is weaponized. See the Siemens advisory SSA-395458 for the full details and review your Mendix deployments now; this is something you would rather not discover in the middle of an incident response.

César Daniel Barreto
César Daniel Barreto is an esteemed cybersecurity writer and expert, known for his in-depth knowledge and ability to simplify complex cyber security topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends, educating both professionals and the public.