CVE-2025-47151

Summary

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Entr’ouvertLasso2.5.1affected
Entr’ouvertLasso2.8.2affected

Weaknesses

  • CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References