CVE-2025-25293

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "name": "https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials", "name": "https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials", "tags": ["Exploit", "Third Party Advisory"], "refsource": ""}, {"url": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", "name": "https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a", "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1", "name": "https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1", "tags": ["Patch"], "refsource": ""}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "name": "https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0", "tags": ["Release Notes"], "refsource": ""}, {"url": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq", "name": "https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://security.netapp.com/advisory/ntap-20250314-0008/", "name": "https://security.netapp.com/advisory/ntap-20250314-0008/", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-25293", "ASSIGNER": "security-advisories@github.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2025-03-12T21:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.10.6"}, {"cpe23Uri": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.12.4"}, {"cpe23Uri": "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.18.0", "versionStartIncluding": "1.13.0"}, {"cpe23Uri": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.1.3", "versionStartIncluding": "2.0.0"}, {"cpe23Uri": "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:ruby:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-01T14:45Z"}