CVE-2025-54572
BaseFortify
Publication date: 2025-07-30
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| github | ruby-saml | 1.18.1 |
| github | ruby-saml | 1.18.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Ruby SAML library versions 1.18.0 and below. It is a denial-of-service (DoS) vulnerability caused by the library validating the SAML response's Base64 format before checking the message size. This ordering allows an attacker to send a large Base64-encoded message that exhausts system resources, even when the message_max_bytesize setting is configured. The issue is fixed in version 1.18.1.
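The ordering problem described above, as an added illustration that is not ruby-saml's own code: the same Base64 format check and size limit applied in the vulnerable order and in the corrected order, with a decode counter showing that only the corrected order refuses an oversized message without touching it. The constant and method names (MAX_BYTES, ENCODED_LIMIT, DECODE_STATS, ValidationError, the two decode functions) are assumptions for this example.

```ruby
require 'base64'

# Added illustration for CVE-2025-54572; not ruby-saml's code. Names
# (MAX_BYTES, ENCODED_LIMIT, DECODE_STATS, ValidationError) are assumptions.
MAX_BYTES = 250_000 # stands in for the message_max_bytesize setting
# Base64 expands data by 4/3: anything decoding to <= MAX_BYTES bytes has at
# most this many encoded characters, so longer input can be refused unseen.
ENCODED_LIMIT = ((MAX_BYTES + 2) / 3) * 4
BASE64_RE = %r{\A(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?\z}
DECODE_STATS = { calls: 0 } # counts decode attempts so the order is observable

class ValidationError < StandardError; end

def counted_decode(raw)
  DECODE_STATS[:calls] += 1
  Base64.decode64(raw)
end

# Vulnerable ordering: the full message is format-checked and decoded before
# its size is compared against the limit, so an oversized message costs a
# regex pass plus a decode allocation before it is finally rejected.
def decode_saml_response_vulnerable(raw)
  raise ValidationError, 'not base64' unless raw.match?(BASE64_RE)
  decoded = counted_decode(raw)
  raise ValidationError, 'message too large' if decoded.bytesize > MAX_BYTES
  decoded
end

# Fixed ordering: bound the encoded length first (O(1), no allocation), only
# then validate the format and decode; the decoded size is re-checked as
# defence in depth against padding or whitespace quirks in the encoding.
def decode_saml_response_fixed(raw)
  raise ValidationError, 'message too large' if raw.bytesize > ENCODED_LIMIT
  raise ValidationError, 'not base64' unless raw.match?(BASE64_RE)
  decoded = counted_decode(raw)
  raise ValidationError, 'message too large' if decoded.bytesize > MAX_BYTES
  decoded
end
```

The same principle applies to any check that is cheaper than the one it precedes: compare the raw input against the configured limit before any parsing, decoding or regex work runs over it.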
How can this vulnerability impact me?
The vulnerability can lead to denial-of-service conditions by exhausting system resources when processing specially crafted SAML responses. This can cause the affected application or service using the Ruby SAML library to become unresponsive or crash, disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Ruby SAML library to version 1.18.1 or later, as this version contains the fix for the denial-of-service vulnerability.