CVE

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2.

Back to all

CVE

CVE-2025-47151

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2.

A type confusion vulnerability exists in the lassonodeimplinitfrom_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.8

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://talosintelligence.com/vulnerabilityreports/TALOS-2025-2193, https://www.talosintelligence.com/vulnerabilityreports/TALOS-2025-2193

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.00132%

EPSS Percentile

0.33339%

Introduced Version

Fix Available

0:2.7.0-11.el9_7.3,0:2.6.0-14.el8_10,2.8.1-1+deb12u1,2.6.1-3+deb11u1,2.8.2-9+deb13u1,0:2.8.2-2ubuntu0.1,0:2.7.0-2ubuntu0.1,0:2.5.1-8.0.1.el7_9,0:2.9.0-1.amzn2023,0:2.9.0-1.amzn2.0.1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2025-47151

CVE-2025-47151

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly