CVE-2025-46404

High CVSS: 7.5

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Vendor

Entrouvert

Product

Lasso

CWE

CWE-476

Yayın Tarihi

2025-11-05 15:15:37

Güncelleme

2025-11-07 18:12:18

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-476 Lasso HIGH Entrouvert 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2194

Benzer Kayıtlar

High

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouver…

Critical

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1…

High

CVE-2025-46705

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.…