CVE-2025-46404

Publication date 5 November 2025

Last updated 18 November 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Status

Package Ubuntu Release Status
lasso 26.04 LTS resolute
Not affected
25.10 questing
Not affected
25.04 plucky
Fixed 2.8.2-8ubuntu0.1
24.04 LTS noble
Fixed 2.8.2-2ubuntu0.1
22.04 LTS jammy
Fixed 2.7.0-2ubuntu0.1
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial Ignored end of ESM support, was needs-triage

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
lasso

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-7872-1
    • Lasso vulnerabilities
    • 18 November 2025

Other references

Access our resources on patching vulnerabilities