{"id":"CVE-2025-25293","summary":"ruby-saml vulnerable to Remote Denial of Service (DoS) with compressed SAML responses","details":"ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.","aliases":["BIT-gitlab-2025-25293","GHSA-92rq-c8cf-prrq"],"modified":"2026-04-10T05:23:14.614374Z","published":"2025-03-12T20:11:08.860Z","related":["GHSA-92rq-c8cf-prrq","GHSA-hw46-3hmr-x9xv"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/25xxx/CVE-2025-25293.json","cwe_ids":["CWE-400"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released"},{"type":"WEB","url":"https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4"},{"type":"WEB","url":"https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/25xxx/CVE-2025-25293.json"},{"type":"ADVISORY","url":"https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq"},{"type":"ADVISORY","url":"https://github.com/omniauth/omniauth-saml/security/advisories/GHSA-hw46-3hmr-x9xv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-25293"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20250314-0008/"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml"},{"type":"FIX","url":"https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a"},{"type":"FIX","url":"https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1"},{"type":"ARTICLE","url":"https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/omniauth/omniauth-saml","events":[{"introduced":"0"},{"fixed":"1075827eb7d7b0926920c9b452f756d18de6deab"},{"introduced":"ed52758c272f5afe81e3304d1f4e436e30021a2a"},{"fixed":"2eb30faada7936b2e2188e47a5b768f5643e6eae"},{"introduced":"4274e9d57e65f2dcaae4aa3b2accf831494f2ddd"},{"fixed":"34eb3541248e4ee56fa2189bd7b47f4748fe2f78"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.10.6"},{"introduced":"2.0.0"},{"fixed":"2.1.3"},{"introduced":"2.2.0"},{"fixed":"2.2.3"}]}}],"versions":["v0.9.0","v0.9.1","v0.9.2","v1.0.0","v1.1.0","v1.10.0","v1.10.1","v1.10.2","v1.10.3","v1.10.4","v1.10.5","v1.2.0","v1.3.0","v1.3.1","v1.4.0","v1.4.1","v1.4.2","v1.5.0","v1.6.0","v1.7.0","v1.8.0","v1.8.1","v1.9.0","v2.0.0","v2.1.0","v2.1.1","v2.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25293.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/onelogin/ruby-saml","events":[{"introduced":"0"},{"fixed":"48cc5b92e1dde8637a013dfd48cdf8ceadd499b2"},{"introduced":"5da850c36bbf678674f9321032df428139d7e434"},{"fixed":"6a7c040049babe748ee1bb4ca13898c47189114c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.12.4"},{"introduced":"1.13.0"},{"fixed":"1.18.0"}]}}],"versions":["0.7.3","0.8.0","0.8.1","1.3.1","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0","v0.7.1","v0.9","v0.9.1","v0.9.2","v1.0.0","v1.1.0","v1.1.1","v1.1.2","v1.10.0","v1.10.1","v1.10.2","v1.11.0","v1.12.0","v1.12.1","v1.12.2","v1.14.0","v1.15.0","v1.16.0","v1.17.0","v1.2.0","v1.3.0","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25293.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/saml-toolkits/ruby-saml","events":[{"introduced":"0"},{"fixed":"48cc5b92e1dde8637a013dfd48cdf8ceadd499b2"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.12.4"}]}},{"type":"GIT","repo":"https://github.com/saml-toolkits/ruby-saml","events":[{"introduced":"5da850c36bbf678674f9321032df428139d7e434"},{"fixed":"6a7c040049babe748ee1bb4ca13898c47189114c"}],"database_specific":{"versions":[{"introduced":"1.13.0"},{"fixed":"1.18.0"}]}}],"versions":["0.7.3","0.8.0","0.8.1","1.3.1","1.4.0","1.4.1","1.4.2","1.4.3","1.5.0","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.3.4","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0","v0.7.1","v0.9","v0.9.1","v0.9.2","v1.0.0","v1.1.0","v1.1.1","v1.1.2","v1.10.0","v1.10.1","v1.10.2","v1.11.0","v1.2.0","v1.3.0","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.1","v1.7.2","v1.8.0","v1.9.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-25293.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P"}]}