CVE Alert: CVE-2025-46404 – Entr’ouvert – Lasso
CVE-2025-46404
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
AI Summary Analysis
**Risk verdict** High risk of remote denial of service against Entr'ouvert Lasso 2.5.1 via crafted SAML responses; no user interaction required.
**Why this matters** The impact is service availability rather than data breach, which can disrupt authentication flows and degrade access for users and partners. In environments reliant on SAML-based SSO, a DoS condition can cascade to broader business disruption, especially during peak login windows or peak partner activity.
**Most likely attack path** An external attacker targets a publicly exposed SAML endpoint. With network access and no privileges or user interaction, they can trigger a NULL pointer dereference in the SAML processing code, potentially crashing the service and causing DoS. The CVSS metrics support a network-based, low-complexity path with high availability impact and no requirement for authentication.
**Who is most exposed** Organisations running on-premises or cloud-hosted Lasso deployments where the SAML endpoint is reachable by external networks or partner IdPs; typical in enterprises using Lasso as an SSO broker or IdP/SP integration.
Detection ideas
- Sudden service crashes or elevated memory/CPU on the Lasso host
- Error logs showing NULL pointer dereference in SAML verification
- Spikes in SAML endpoint requests without corresponding logins
- Crash dumps or stack traces tied to lasso_provider_verify_saml_signature
- Unexplained login service unavailability during sustained SAML activity
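As an added example (not from the advisory or the Lasso project), a small Python triage script that applies three of these ideas to constructed log lines: crash traces naming lasso_provider_verify_saml_signature or a NULL-address segfault, and SAML endpoint traffic that yields errors instead of logins. The log format, the /saml/acs path and the thresholds are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not from the page); the log format and the
# /saml/acs path are assumptions about a hypothetical Lasso-based SP host.
SAMPLE_LOGS = [
    "10:00:01 sp01 saml: POST /saml/acs from=198.51.100.7 status=200 result=login_ok",
    "10:00:02 sp01 saml: POST /saml/acs from=203.0.113.5 status=500 result=error",
    "10:00:02 sp01 saml: POST /saml/acs from=203.0.113.5 status=500 result=error",
    "10:00:03 sp01 saml: POST /saml/acs from=203.0.113.5 status=500 result=error",
    "10:00:03 sp01 kernel: sso-worker[4242]: segfault at 0 ip 00007f3a9c1e error 4 in liblasso.so",
    "10:00:03 sp01 sso: backtrace #0 lasso_provider_verify_saml_signature () at provider.c",
]

# Crash signatures from the detection ideas: the affected function, a NULL-address segfault, or an explicit NULL-deref message.
CRASH_PATTERNS = [
    re.compile(r"lasso_provider_verify_saml_signature"),
    re.compile(r"segfault at 0\b"),
    re.compile(r"NULL pointer dereference", re.IGNORECASE),
]
SAML_REQUEST = re.compile(r"POST /saml/acs from=(\S+) status=\d+ result=(\w+)")

def find_crash_indicators(lines):
    """Return the log lines that carry one of the crash signatures."""
    return [line for line in lines if any(p.search(line) for p in CRASH_PATTERNS)]

def saml_request_stats(lines):
    """Count completed logins and failed ACS requests per source address."""
    logins, failed_by_source = 0, Counter()
    for m in filter(None, map(SAML_REQUEST.search, lines)):
        if m.group(2) == "login_ok":
            logins += 1
        else:
            failed_by_source[m.group(1)] += 1
    return logins, failed_by_source

def assess(lines, min_failed=3, max_fail_ratio=0.5):
    """Alert when crash evidence coincides with SAML traffic that yields no logins."""
    crashes = find_crash_indicators(lines)
    logins, failed_by_source = saml_request_stats(lines)
    failed = sum(failed_by_source.values())
    fail_ratio = failed / (failed + logins) if failed + logins else 0.0
    suspicious = sorted(s for s, n in failed_by_source.items() if n >= min_failed)
    return {
        "crash_indicators": len(crashes),
        "logins": logins,
        "fail_ratio": fail_ratio,
        "suspicious_sources": suspicious,
        "alert": bool(crashes) and fail_ratio > max_fail_ratio and bool(suspicious),
    }
```

Run `assess(SAMPLE_LOGS)` to see the combined verdict; on the constructed lines it reports two crash indicators, a 0.75 failure ratio and one suspicious source, so the alert fires.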
Mitigation and prioritisation
- Apply vendor patch/upgrade to fixed version; verify compatibility in staging before production.
- Implement WAF rules to validate SAML responses and rate-limit the SAML endpoint; restrict exposure to trusted IdPs.
- Review change-management windows and notify stakeholders; plan a controlled upgrade.
- Consider temporarily disabling or sandboxing SAML verification, if feasible, until the patch is deployed.
- If KEV or EPSS data indicate exploitation likelihood (not present here), treat as priority 1.