CVE-2025-25293

HIGH

ruby-saml < 1.12.4 - Denial of Service via Compressed SAML Response Bypass


Description

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.
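As an added illustration, not code from ruby-saml or from this record, the following Ruby shows the check-before-inflation pattern the description refers to next to a bounded-inflation replacement. The size limits, function names and sample inputs are constructed for this example, and raw DEFLATE is assumed because that is the encoding the SAML HTTP-Redirect binding uses.

```ruby
require "zlib"

# Limits assumed for this example (placeholders, not ruby-saml's real constants).
MAX_COMPRESSED_BYTES = 250_000   # checked on the wire message, before inflation
MAX_INFLATED_BYTES   = 250_000   # what the decoder must actually enforce

class InflatedTooLarge < StandardError; end

# Vulnerable pattern: the size check sees only the compressed bytes, so a
# small, highly compressible message passes and then inflates without bound.
def inflate_checked_before(compressed)
  raise ArgumentError, "message too large" if compressed.bytesize > MAX_COMPRESSED_BYTES
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(compressed)   # raw DEFLATE, as SAML uses
end

# Hardened pattern: feed the inflater in small pieces and stop as soon as the
# accumulated output exceeds the cap, so memory stays bounded by roughly
# cap + one piece's worst-case expansion instead of by the attacker's input.
def inflate_bounded(compressed, cap = MAX_INFLATED_BYTES, piece = 512)
  raise ArgumentError, "message too large" if compressed.bytesize > MAX_COMPRESSED_BYTES
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new   # binary-encoded, mutable
  (0...compressed.bytesize).step(piece) do |off|
    out << z.inflate(compressed.byteslice(off, piece))
    raise InflatedTooLarge, "inflated size exceeds #{cap} bytes" if out.bytesize > cap
  end
  out << z.finish
  raise InflatedTooLarge, "inflated size exceeds #{cap} bytes" if out.bytesize > cap
  out
ensure
  z.close if z && !z.closed?
end

# Helper for constructing inputs: raw DEFLATE (RFC 1951), the encoding used by
# the SAML HTTP-Redirect binding.
def raw_deflate(str)
  d = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  data = d.deflate(str, Zlib::FINISH)
  d.close
  data
end

# Constructed samples: a small SAML-like document and a "decompression bomb"
# whose compressed form is a few KB but inflates to about 2 MB.
SAMPLE_BENIGN = raw_deflate('<samlp:Response ID="_x"><saml:Assertion/></samlp:Response>')
SAMPLE_BOMB   = raw_deflate("<samlp:Response>" + ("A" * 2_000_000) + "</samlp:Response>")
```

The benign sample round-trips through both decoders, while `SAMPLE_BOMB` passes the compressed-size check and is fully inflated by the vulnerable decoder but rejected by the bounded one once the output passes the cap.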

Scores

CVSS v3 7.5
EPSS 0.0136
EPSS Percentile 68.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (3)
omniauth/omniauth_saml < 1.10.6
onelogin/ruby-saml < 1.12.4
rubygems/ruby-saml 0 - 1.12.4 (RubyGems)
Published Mar 12, 2025
Tracked Since Feb 18, 2026