{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46705", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-05-07T13:20:22.107Z", "datePublished": "2025-11-05T14:56:55.535Z", "dateUpdated": "2025-11-05T22:36:34.501Z"}, "containers": {"cna": {"affected": [{"vendor": "Entr'ouvert", "product": "Lasso", "versions": [{"version": "2.5.1", "status": "affected"}, {"version": "2.8.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-617: Reachable Assertion", "type": "CWE", "cweId": "CWE-617"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-11-05T22:36:34.501Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}], "credits": [{"lang": "en", "value": "Discovered by Keane O'Kelley of and another member of Cisco Advanced Security Initiative Group"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-05T17:04:16.858Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-05T19:00:29.919406Z", "id": "CVE-2025-46705", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T19:00:39.878Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-05T17:04:16.858Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46705", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-05T19:00:29.919406Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T19:00:34.807Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Keane O'Kelley of and another member of Cisco Advanced Security Initiative Group"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Entr'ouvert", "product": "Lasso", "versions": [{"status": "affected", "version": "2.5.1"}, {"status": "affected", "version": "2.8.2"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-11-05T22:36:34.501Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46705", "state": "PUBLISHED", "dateUpdated": "2025-11-05T22:36:34.501Z", "dateReserved": "2025-05-07T13:20:22.107Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-11-05T14:56:55.535Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:entrouvert:lasso:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7177DC8A-9874-45BA-BC80-17604D8A0875", "vulnerable": true}, {"criteria": "cpe:2.3:a:entrouvert:lasso:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6418EA3D-B50B-4F83-AA49-D2E2C2710DEA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."}], "id": "CVE-2025-46705", "lastModified": "2025-11-07T20:02:36.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-11-05T15:15:38.530", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2196"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "lasso: Denial of service in Entr'ouvert Lasso", "id": "2412740", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2412740"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-617", "details": ["A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-46705", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "lasso", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-05T14:56:55Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-46705\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-46705\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2025-2196\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2196"], "statement": "This flaw describes an availability impact which is limited on Red Hat products to the active application.", "threat_severity": "Moderate"}