CVE-2025-25293
published 2025-03-12


Priority: P3 (41)
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.36% (68.2th percentile)
ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote denial of service (DoS) via compressed SAML responses. ruby-saml uses zlib to decompress SAML responses when they arrive compressed. The message size check can be bypassed with a compressed assertion because the size is checked before inflation rather than after: a response that is small on the wire but inflates to a very large document passes the check, and the service provider then allocates and parses the full inflated XML. Decompression necessarily runs before any signature check, so the attacker needs no valid assertion, only the ability to deliver a response to the SP endpoint (consistent with the AV:N/PR:N vector above). Versions 1.12.4 (for the 1.12 branch) and 1.18.0 (for 1.13 and later) fix the issue.
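The ordering bug the description above outlines, shown as an added example written for this page (it is not ruby-saml's own code): a decoder that checks the size of the compressed bytes and then inflates without a bound, next to one that also stops inflating once the inflated output passes the limit. The MAX_BYTES value, the method names, the sample XML and the constructed decompression bomb are all assumptions; the base64 plus raw DEFLATE framing mirrors the SAML HTTP-Redirect binding.

```ruby
require "base64"
require "zlib"

# Example written for this page, not ruby-saml's code. MAX_BYTES, the method
# names and the sample XML are assumptions chosen to illustrate the bug.
MAX_BYTES = 250_000

# The SAML HTTP-Redirect binding carries base64(raw DEFLATE); a negative
# window size tells Ruby's Zlib to use raw DEFLATE with no zlib header.
RAW_DEFLATE = -Zlib::MAX_WBITS

# Constructed sample response. No signature is needed to reach the bug:
# decompression always happens before any signature check.
SAMPLE_XML = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
             'ID="_example" Version="2.0"><saml:Assertion ' \
             'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">' \
             '<saml:Subject><saml:NameID>alice@example.org</saml:NameID>' \
             '</saml:Subject></saml:Assertion></samlp:Response>'

def encode_saml(xml)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, RAW_DEFLATE)
  compressed = deflater.deflate(xml, Zlib::FINISH)
  deflater.close
  Base64.strict_encode64(compressed)
end

SMALL_MESSAGE = encode_saml(SAMPLE_XML)

# Constructed decompression bomb: 16 MB of one byte compresses to well under
# MAX_BYTES (roughly 16 KB), so a check on the compressed size lets it through.
BOMB = encode_saml("A" * 16_000_000)

# Vulnerable ordering (the pattern CVE-2025-25293 describes): the limit is
# enforced on the compressed bytes, then inflation runs with no bound.
def decode_unbounded(encoded)
  compressed = Base64.decode64(encoded)
  raise ArgumentError, "message too large" if compressed.bytesize > MAX_BYTES
  Zlib::Inflate.new(RAW_DEFLATE).inflate(compressed)
end

# Bounded ordering: keep the cheap pre-check, but also inflate in chunks (the
# block form of Zlib::Inflate#inflate yields output roughly 16 KiB at a time)
# and abort as soon as the inflated size passes the limit. Worst-case
# allocation is then MAX_BYTES plus one chunk, whatever the compression ratio.
def decode_bounded(encoded)
  compressed = Base64.decode64(encoded)
  raise ArgumentError, "message too large" if compressed.bytesize > MAX_BYTES
  inflater = Zlib::Inflate.new(RAW_DEFLATE)
  out = String.new(capacity: MAX_BYTES)
  begin
    inflater.inflate(compressed) do |chunk|
      out << chunk
      raise ArgumentError, "inflated message exceeds #{MAX_BYTES} bytes" if out.bytesize > MAX_BYTES
    end
  ensure
    inflater.close
  end
  out.force_encoding(Encoding::UTF_8)
end

# Compressed and inflated sizes, to show how far off the pre-check can be.
def expansion(encoded)
  compressed = Base64.decode64(encoded).bytesize
  [compressed, decode_unbounded(encoded).bytesize]
end

if __FILE__ == $PROGRAM_NAME
  compressed, inflated = expansion(BOMB)
  puts "bomb: #{compressed} bytes on the wire, #{inflated} bytes inflated"
  begin
    decode_bounded(BOMB)
  rescue ArgumentError => e
    puts "bounded decoder rejected it: #{e.message}"
  end
end
```

Rejecting rather than silently truncating at the limit keeps the failure visible in logs, and no legitimate SAML response is anywhere near the limit. The same check belongs on every path that inflates attacker-supplied data, not only the HTTP-Redirect one.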

Affected

16 ranges
Vendor        | Product       | Version range                          | Fixed in
debian        | ruby-saml     | < 1.11.0-1+deb11u2 (bullseye)          | 1.11.0-1+deb11u2 (bullseye)
omniauth      | omniauth_saml | < 1.10.6                               | 1.10.6
omniauth      | omniauth_saml | >= 2.0.0, < 2.1.3                      | 2.1.3
omniauth      | omniauth_saml | >= 2.2.0, < 2.2.3                      | 2.2.3
onelogin      | ruby-saml     | < 1.12.4                               | 1.12.4
onelogin      | ruby-saml     | >= 0, < 1.11.0-1+deb11u2               | 1.11.0-1+deb11u2
onelogin      | ruby-saml     | >= 0, < 1.12.4                         | 1.12.4
onelogin      | ruby-saml     | >= 0, < 1.1.2-1ubuntu1+esm2            | 1.1.2-1ubuntu1+esm2
onelogin      | ruby-saml     | >= 0, < 1.7.2-1ubuntu0.1~esm2          | 1.7.2-1ubuntu0.1~esm2
onelogin      | ruby-saml     | >= 0, < 1.11.0-1ubuntu0.1+esm1         | 1.11.0-1ubuntu0.1+esm1
onelogin      | ruby-saml     | >= 0, < 1.13.0-1ubuntu0.1+esm1         | 1.13.0-1ubuntu0.1+esm1
onelogin      | ruby-saml     | >= 0, < 1.15.0-1ubuntu0.24.04.1+esm1   | 1.15.0-1ubuntu0.24.04.1+esm1
onelogin      | ruby-saml     | >= 1.13.0, < 1.18.0                    | 1.18.0
onelogin      | ruby-saml     | >= 1.13.0, < 1.18.0                    | 1.18.0
saml-toolkits | ruby-saml     | < 1.12.4                               | 1.12.4
saml-toolkits | ruby-saml     |                                        |

CVSS provenance

Source        | CVSS version | Score | Severity | Vector
nvd           | 3.1          | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd           | 4.0          | 7.7   | HIGH     | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ghsa          |              | 9.3   | CRITICAL |
osv           |              | 9.3   | CRITICAL |
vendor_ubuntu |              | 9.8   | CRITICAL |
vendor_debian |              | 7.7   | HIGH     |