
Last Week in AppSec for 04. November 2025

ID: e10e4c0f-f91a-5a00-95e4-43c69662a1c8

STIX ID: report--e10e4c0f-f91a-5a00-95e4-43c69662a1c8

Feed Name: Checkmarx Zero

Threat Score
65/100

Date Published: 2025-11-04

Date Updated: 2026-04-27

Author: Darren Meyer

...
...

This Checkmarx bulletin calls out two security issues: a SAML replay vulnerability in the Jenkins SAML Plugin that can allow attackers to replay captured assertions and impersonate users, and a regression in Apache Tomcat's RewriteValve that mishandles URL decoding and normalization, enabling path traversal and potentially RCE in certain configurations. The report lists affected versions and detection commands, and recommends upgrading to patched releases and reviewing configurations and permissions as mitigations.
