HIGH
Score: 7.5/10
Vulnerability Summary
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Technical Analysis
- CVE ID: CVE-2025-46705
- Published: 2025-11-05T15:15:38.530
- Status: Active
How to Fix & Protect
The primary mitigation is to update the affected software immediately. Check the vendor's official security advisory for the latest patch.
Mitigation: If a patch is not available, restrict network access to the vulnerable component or disable the service.