CVE-2025-25293
Published: 12 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-25293 is a remote Denial of Service (DoS) vulnerability in the ruby-saml library, which provides Security Assertion Markup Language (SAML) single sign-on (SSO) functionality for Ruby applications. The issue affects versions prior to 1.12.4 and 1.18.0. It stems from the library's use of zlib to decompress incoming SAML responses, where the message size check occurs before decompression rather than after. This allows a compressed assertion to bypass size limits, potentially leading to excessive resource consumption upon inflation.
The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-400 (Uncontrolled Resource Consumption). A remote, unauthenticated attacker can exploit it by sending a specially crafted compressed SAML response to a vulnerable ruby-saml deployment. Successful exploitation results in a DoS condition, disrupting service availability without impacting confidentiality or integrity.
Mitigation is available through upgrading to ruby-saml versions 1.12.4 or 1.18.0, which address the flaw via changes documented in specific commits (acac9e9cc0b9a507882c614f25d41f8b47be349a and e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1). GitLab released version 17.9.2 on March 12, 2025, to patch affected instances, as noted in their advisory. Additional guidance appears in the ruby-saml release notes and a related GitHub security blog post.
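As an added illustration of the flaw described above (example code written for this page, not ruby-saml's own implementation), the following Ruby contrasts a size check applied only to the compressed bytes with a bounded, incremental inflate; the limits, helper names and sample messages are assumptions constructed for the example.

```ruby
require "zlib"
require "base64"

# Assumed limits for this example (not ruby-saml's own constants).
MAX_COMPRESSED_BYTES = 64 * 1024    # cap on the base64-decoded, still-compressed message
MAX_INFLATED_BYTES   = 256 * 1024   # cap on the decompressed XML
INPUT_SLICE_BYTES    = 256          # compressed bytes handed to zlib per step

class InflateLimitExceeded < StandardError; end

# Constructed sample input: base64 of raw DEFLATE (RFC 1951, no zlib header),
# the encoding SAML uses for deflated messages.
def deflate_raw(xml)
  d = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  data = d.deflate(xml, Zlib::FINISH)
  d.close
  Base64.strict_encode64(data)
end

# Flawed pattern from the advisory: the size check runs on the compressed
# bytes only, so a tiny but highly compressible blob passes the check and is
# then inflated in one call with no bound on the output size.
def inflate_checked_before(b64)
  raw = Base64.strict_decode64(b64)
  raise InflateLimitExceeded, "compressed message too large" if raw.bytesize > MAX_COMPRESSED_BYTES
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw)
end

# Hardened pattern: keep the cheap pre-check, but inflate incrementally and
# enforce a cap on the *decompressed* size after every slice, so decompression
# stops early instead of materialising the whole expansion. Overshoot past the
# cap is bounded by what one slice can expand to (roughly 1032x for DEFLATE).
def inflate_bounded(b64, max_out: MAX_INFLATED_BYTES)
  raw = Base64.strict_decode64(b64)
  raise InflateLimitExceeded, "compressed message too large" if raw.bytesize > MAX_COMPRESSED_BYTES
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = String.new
  begin
    0.step(raw.bytesize - 1, INPUT_SLICE_BYTES) do |off|
      out << z.inflate(raw.byteslice(off, INPUT_SLICE_BYTES))
      raise InflateLimitExceeded, "inflated size exceeds #{max_out} bytes" if out.bytesize > max_out
    end
    out << z.finish
  ensure
    z.close
  end
  out
end
```

A legitimate response of a few kilobytes passes both functions; a few kilobytes of compressed repeated bytes pass the first and are rejected by the second before their full expansion is allocated.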
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in ruby-saml lets a remote attacker cause a denial of service by sending a compressed SAML response that passes the size check performed before decompression and then inflates excessively when decompressed with zlib, exhausting resources through application exploitation.