CVE-2025-46404
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-46404, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-05

Last updated on: 2025-11-07

Assigner: Talos

Description

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-05
Last Modified
2025-11-07
Generated
2026-07-06
AI Q&A
2025-11-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
entrouvert lasso 2.5.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a denial of service, meaning an attacker can cause the affected system to become unavailable or unresponsive by sending a malformed SAML response. This can disrupt normal operations and potentially affect availability of services relying on Entr'ouvert Lasso 2.5.1.

Executive Summary

This vulnerability is a denial of service issue in the lasso_provider_verify_saml_signature function of Entr'ouvert Lasso 2.5.1. It occurs when an attacker sends a specially crafted, malformed SAML response that triggers the vulnerability, causing the service to become unavailable.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46404. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart