CVE-2025-46784
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-07

Assigner: Talos

Description
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-07
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-46784
EUVD
EUVD-2025-37769
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
entrouvert lasso 2.5.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a denial of service issue in the lasso_node_init_from_message_with_format function of Entr'ouvert Lasso 2.5.1. It occurs when an attacker sends a specially crafted, malformed SAML response that causes memory depletion, leading to a denial of service condition.

Impact Analysis

The impact of this vulnerability is a denial of service, which means an attacker can cause the affected system to become unavailable or unresponsive by sending a malformed SAML response that depletes memory resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart