INFSA-2025:21462: lasso security update

Information about definition

Identifier: INFSA-2025:21462

Type: security

Release date: 2025-12-01 14:37:20 UTC

Information about package

The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.

Vulnerabilities description

  • CVE-2025-47151

    A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Severity level

Score CVSS 2.0: no information
Score CVSS 3.x: 9.8
Score CVSS 4.0: no information

Updated packages
