Company: (not given)
Date Published: (not given)
Author: Peter Stöckli
Word count: 2796
Language: English
Hacker News points: None

Summary

Critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) were identified in the ruby-saml library up to and including version 1.17.0, allowing attackers to construct SAML assertions and potentially perform account takeovers. Both issues stem from a parser differential: during signature verification the library uses two different XML parsers, REXML and Nokogiri, and where the two disagree about the document's structure, the check can be bypassed. Although GitHub does not currently use ruby-saml for authentication, it initiated a private bug bounty program to assess the library's security as it considers returning to open-source SAML authentication libraries. The vulnerability was notably discovered in GitLab, prompting a notification to their security team. Users are advised to update to ruby-saml version 1.18.0 to mitigate these vulnerabilities, and libraries that depend on ruby-saml should be updated accordingly. The discovery and exploitation of these vulnerabilities underscore the complexity and risk of using multiple parsers in security-sensitive contexts, and highlight the importance of keeping a direct, verified connection between the hashed content, the hash, and the signature in SAML implementations.