CVE-2025-46784
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-46784, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-05

Last updated on: 2025-11-07

Assigner: Talos

Description

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-05
Last Modified
2025-11-07
Generated
2026-07-06
AI Q&A
2025-11-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
entrouvert lasso 2.5.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a denial of service issue in the lasso_node_init_from_message_with_format function of Entr'ouvert Lasso 2.5.1. It occurs when an attacker sends a specially crafted, malformed SAML response that causes memory depletion, leading to a denial of service condition.

Impact Analysis

The impact of this vulnerability is a denial of service, which means an attacker can cause the affected system to become unavailable or unresponsive by sending a malformed SAML response that depletes memory resources.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart