CVE-2025-25293

moderate-risk
Published 2025-03-12

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Do I need to act?

~
2.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Onelogin Omniauth

References (11)

Patch https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-release...
Exploit https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication...
Patch https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f...
Patch https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140...
Release Notes https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
Release Notes https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
Vendor Advisory https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-pr...
Vendor Advisory https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9x...
Exploit https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml
https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20250314-0008/
39
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 6/34 · Minimal
Exposure 7/34 · Low