{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46404", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-05-07T13:20:20.998Z", "datePublished": "2025-11-05T14:56:59.671Z", "dateUpdated": "2025-11-05T22:36:18.932Z"}, "containers": {"cna": {"affected": [{"vendor": "Entr'ouvert", "product": "Lasso", "versions": [{"version": "2.5.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference", "type": "CWE", "cweId": "CWE-476"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-11-05T22:36:18.932Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}], "credits": [{"lang": "en", "value": "Discovered by Keane O'Kelley of and another member of Cisco Advanced Security Initiative Group"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-05T17:04:15.490Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T19:01:39.210614Z", "id": "CVE-2025-46404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T19:01:48.480Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-05T17:04:15.490Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-05T19:01:39.210614Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T19:01:43.969Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Keane O'Kelley of and another member of Cisco Advanced Security Initiative Group"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Entr'ouvert", "product": "Lasso", "versions": [{"status": "affected", "version": "2.5.1"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-11-05T22:36:18.932Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46404", "state": "PUBLISHED", "dateUpdated": "2025-11-05T22:36:18.932Z", "dateReserved": "2025-05-07T13:20:20.998Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-11-05T14:56:59.671Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:entrouvert:lasso:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7177DC8A-9874-45BA-BC80-17604D8A0875", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "id": "CVE-2025-46404", "lastModified": "2025-11-07T18:12:18.387", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Primary"}]}, "published": "2025-11-05T15:15:37.843", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2194"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"bugzilla": {"description": "lasso: Denial of service in Entr'ouvert Lasso", "id": "2412741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412741"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-476", "details": ["A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-46404", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "lasso", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-05T14:56:59Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-46404\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-46404\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2025-2194\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2194"], "statement": "This flaw describes an availability impact which is limited on Red Hat products to the active application.", "threat_severity": "Moderate"}

{"created": "2025-11-06T10:07:08.257947+00:00", "updated": "2025-11-06T10:07:08.257974+00:00", "vendors": ["entrouvert", "entrouvert$PRODUCT$lasso"]}