CVE-2025-46784

Summary

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Entr’ouvertLasso2.5.1affected

Weaknesses

  • CWE-401: CWE-401: Improper Release of Memory Before Removing Last Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References