CVE-2025-46404
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-07

Assigner: Talos

Description
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-07
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-46404
EUVD
EUVD-2025-37770
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
entrouvert lasso 2.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a denial of service, meaning an attacker can cause the affected system to become unavailable or unresponsive by sending a malformed SAML response. This can disrupt normal operations and potentially affect availability of services relying on Entr'ouvert Lasso 2.5.1.

Executive Summary

This vulnerability is a denial of service issue in the lasso_provider_verify_saml_signature function of Entr'ouvert Lasso 2.5.1. It occurs when an attacker sends a specially crafted, malformed SAML response that triggers the vulnerability, causing the service to become unavailable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46404. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart