CVE-2025-47151

Critical CVSS: 9.8

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Vendor

Entrouvert

Product

Lasso

CWE

CWE-843

Yayın Tarihi

2025-11-05 15:15:39

Güncelleme

2025-11-07 19:53:04

Source Identifier

talos-cna@cisco.com

KEV Date Added

Kategoriler

CWE-843 Lasso CRITICAL Entrouvert 2025

Referanslar

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193 https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2193

Benzer Kayıtlar

High

CVE-2025-46784

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouver…

High

CVE-2025-46705

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.…

High

CVE-2025-46404

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert La…