CVE-2025-46784
HIGHDescription
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Is your site exposed to CVE-2025-46784?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| entrouvert | lasso |
References
Frequently Asked Questions
What is CVE-2025-46784? +
How severe is CVE-2025-46784? +
What products are affected by CVE-2025-46784? +
How do I check if I'm vulnerable to CVE-2025-46784? +
Related Vulnerabilities
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability …
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when …
Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered …
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall …
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall …