A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.
The type confusion error (CWE-843) occurs in the lasso_node_impl_init_from_xml function, responsible for parsing XML nodes during SAML response processing. An attacker sends a maliciously modified SAML response that causes the library to treat a given object as a different type than it actually is — leading to unpredictable code execution. The error requires no privileges or prior authentication, making it trivial to trigger remotely over the network.
An attacker can achieve remote code execution (RCE) on a system processing SAML responses, which may result in complete server takeover, including violation of data confidentiality, integrity, and availability.
Apply patches available from the vendor according to references (Talos Intelligence report TALOS-2025-2193). As a workaround until updates are applied, it is recommended to restrict acceptance of SAML responses exclusively from trusted, verified sources and monitor network traffic for anomalous SAML responses.
Entrouvert Lasso in versions 2.5.1 and 2.8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEntrouvert Lasso
APPEntrouvert2.5.12.8.2
Related vulnerabilities
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'...
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2....
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr...
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859...