CRITICAL🇵🇱 Wersja polska

CVE-2025-47151

CVSS 9.8v3.1pub. 2025-11-05upd. 2025-11-07

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

🤖 AI Analysis
How it works

The type confusion error (CWE-843) occurs in the lasso_node_impl_init_from_xml function, responsible for parsing XML nodes during SAML response processing. An attacker sends a maliciously modified SAML response that causes the library to treat a given object as a different type than it actually is — leading to unpredictable code execution. The error requires no privileges or prior authentication, making it trivial to trigger remotely over the network.

Impact

An attacker can achieve remote code execution (RCE) on a system processing SAML responses, which may result in complete server takeover, including violation of data confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to references (Talos Intelligence report TALOS-2025-2193). As a workaround until updates are applied, it is recommended to restrict acceptance of SAML responses exclusively from trusted, verified sources and monitor network traffic for anomalous SAML responses.

Who is affected

Entrouvert Lasso in versions 2.5.1 and 2.8.2

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Entrouvert Lasso

    APP
    Entrouvert
    2.5.12.8.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-46404HIGH7.5ten sam produkt

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr&#39...

CVE-2025-46705HIGH7.5ten sam produkt

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2....

CVE-2025-46784HIGH7.5ten sam produkt

A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr...

CVE-2021-28091HIGH7.5ten sam produkt

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

CVE-2015-1783HIGH7.5ten sam produkt

The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859...