HIGH Score: 7.5/10

Vulnerability Summary

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Technical Analysis

  • CVE ID: CVE-2025-46784
  • Published: 2025-11-05T15:15:39.030
  • Status: Active

How to Fix & Protect

The primary mitigation is to update the affected software immediately. Check the vendor's official security advisory for the latest patch.

Mitigation: If a patch is not available, restrict network access to the vulnerable component or disable the service.

Sponsored Stories
Newer Older