CVE-2025-25293

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-25293

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-25293.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-25293

Aliases

Related

Withdrawn

2025-03-17T16:49:19.877539Z

Published

2025-03-12T21:15:42Z

Modified

2025-03-17T05:50:02.450332Z

Summary

[none]

Details

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

References

Affected packages

Debian:11 / ruby-saml

Package

Name: ruby-saml
Purl: pkg:deb/debian/ruby-saml?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.11.0-1

1.11.0-1+deb11u1

1.12.2-1

1.12.2-2

1.13.0-1

1.15.0-1

1.17.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-saml

Package

Name: ruby-saml
Purl: pkg:deb/debian/ruby-saml?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.0-1

1.13.0-1+deb12u1

1.15.0-1

1.17.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-saml

Package

Name: ruby-saml
Purl: pkg:deb/debian/ruby-saml?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.0-1

1.15.0-1

1.17.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/saml-toolkits/ruby-saml

Affected ranges

Type: GIT
Repo: https://github.com/saml-toolkits/ruby-saml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

acac9e9cc0b9a507882c614f25d41f8b47be349a

Fixed

e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1

Affected versions

0.*

0.7.3

0.8.0

0.8.1

1.*

1.3.1

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

v0.*

v0.2.0

v0.2.1

v0.2.2

v0.2.3

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.4.5

v0.4.6

v0.4.7

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

v0.7.1

v0.9

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.10.0

v1.10.1

v1.10.2

v1.11.0

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.2.0

v1.3.0

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.9.0