Vulnerability Monitor

CVE-2025-25293


ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. Before versions 1.12.4 (1.12.x branch) and 1.18.0, ruby-saml is susceptible to a remote Denial of Service (DoS) via compressed SAML responses. ruby-saml uses zlib to inflate SAML responses that arrive compressed. The message size check can be bypassed with a compressed assertion, because the check is applied to the still-compressed message rather than to the inflated output: a payload that is small on the wire can expand to a far larger document in memory, consuming memory and CPU on the service provider. Versions 1.12.4 and 1.18.0 fix the issue.
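The size-check-before-inflate mistake described above, and the fix a practitioner would want, as an added Ruby example (this is not ruby-saml's code; the constant value, function names and the assumption that the message is Base64-wrapped raw DEFLATE are illustrative). The vulnerable decoder checks only the compressed length; the hardened decoder keeps that check and additionally inflates in bounded chunks, aborting the moment the inflated output exceeds the cap:

```ruby
require "base64"
require "zlib"

# Illustrative cap on the decoded SAML message. The value and all names here
# are assumptions for this example, not ruby-saml's own code or constants.
MAX_BYTES = 250_000

# Builds a Base64-wrapped raw-DEFLATE message, the encoding used for
# compressed SAML messages. Used only to construct sample input below.
def make_compressed_message(plaintext)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  compressed = deflater.deflate(plaintext, Zlib::FINISH)
  deflater.close
  Base64.strict_encode64(compressed)
end

# Vulnerable pattern: the size check runs on the still-compressed bytes, so a
# few kilobytes of highly compressible data inflate to many megabytes.
def decode_saml_vulnerable(encoded)
  raw = Base64.decode64(encoded)
  raise ArgumentError, "message too large" if raw.bytesize > MAX_BYTES
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  begin
    inflater.inflate(raw) # unbounded: output size is attacker-controlled
  ensure
    inflater.close
  end
end

# Hardened pattern: keep the pre-inflation check, then inflate incrementally
# and abort as soon as the *inflated* output exceeds the cap. When given a
# block, Zlib::Inflate#inflate yields output in bounded chunks, so memory
# use stays bounded even for a decompression bomb.
def decode_saml_hardened(encoded)
  raw = Base64.decode64(encoded)
  raise ArgumentError, "message too large" if raw.bytesize > MAX_BYTES
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new # mutable binary buffer
  begin
    inflater.inflate(raw) do |chunk|
      out << chunk
      raise ArgumentError, "inflated message too large" if out.bytesize > MAX_BYTES
    end
  ensure
    inflater.close
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  # Constructed "decompression bomb": a SAML-looking wrapper around 4 MB of
  # filler. It compresses to a few kilobytes, well under MAX_BYTES.
  bomb = make_compressed_message("<samlp:Response>" + ("A" * 4_000_000) + "</samlp:Response>")
  puts "compressed size: #{Base64.decode64(bomb).bytesize} bytes"
  puts "vulnerable decoder inflated to: #{decode_saml_vulnerable(bomb).bytesize} bytes"
  begin
    decode_saml_hardened(bomb)
  rescue ArgumentError => e
    puts "hardened decoder rejected it: #{e.message}"
  end
end
```

The check on the inflated output is the one that matters: the compressed-size check alone only bounds the attacker's bandwidth, not the memory the server commits. Capping inflated output also bounds CPU, since inflation stops at the first chunk that crosses the limit rather than running to the end of the stream.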


Published: 2025-03-12T21:15:42.363
Last Modified: 2025-11-03T20:17:59.253
Status: Modified
Source: [email protected]
Severity: CVSSv3.1 7.5 (HIGH)
Weaknesses: CWE-400 (Uncontrolled Resource Consumption), type: Secondary

Affected Vendors & Products

Type         Vendor     Product        Version/Range   Vulnerable?
Application  omniauth   omniauth_saml  < 1.10.6        Yes
Application  omniauth   omniauth_saml  < 2.1.3         Yes
Application  omniauth   omniauth_saml  < 2.2.3         Yes
Application  onelogin   ruby-saml      < 1.12.4        Yes
Application  onelogin   ruby-saml      < 1.18.0        Yes

References