CVE-2025-25293

{"id": "CVE-2025-25293", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-12T21:15:42.363", "references": [{"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20250314-0008/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue."}, {"lang": "es", "value": "ruby-saml proporciona inicio de sesi\u00f3n \u00fanico (SSO) con lenguaje de marcado para aserciones de seguridad (SAML) para Ruby. En versiones anteriores a la 1.12.4 y la 1.18.0, ruby-saml era susceptible a ataques de denegaci\u00f3n de servicio (DoS) remotos con respuestas SAML comprimidas. ruby-saml utiliza zlib para descomprimir las respuestas SAML en caso de que est\u00e9n comprimidas. Es posible omitir la comprobaci\u00f3n del tama\u00f1o del mensaje con una aserci\u00f3n comprimida, ya que el tama\u00f1o del mensaje se comprueba antes del inflado, no despu\u00e9s. Este problema puede provocar ataques de denegaci\u00f3n de servicio (DoS) remotos. Las versiones 1.12.4 y 1.18.0 solucionan el problema."}], "lastModified": "2025-11-03T20:17:59.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "AB57A4CB-E546-42D7-AB8D-D86E979C80C1", "versionEndExcluding": "1.10.6"}, {"criteria": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "58E37D56-71A9-417D-B0DD-EBDC2EA3855F", "versionEndExcluding": "2.1.3", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "9549FF35-D7A0-446A-87C8-552C8D89CD92", "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0F9A57-0F32-4ECC-97B4-1F87DD7D7FD6", "versionEndExcluding": "1.12.4"}, {"criteria": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "455E8699-D6C2-4BFF-B4FD-2329E0F1E910", "versionEndExcluding": "1.18.0", "versionStartIncluding": "1.13.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}