CVE-2025-47151 | THREATINT

Description

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

PUBLISHED Reserved 2025-05-07 | Published 2025-11-05 | Updated 2025-11-05 | Assigner talos

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

Product status

2.5.1

affected

2.8.2

affected

Credits

Discovered by Keane O'Kelley of and another member of Cisco Advanced Security Initiative Group

References

www.talosintelligence.com/...ability_reports/TALOS-2025-2193

talosintelligence.com/vulnerability_reports/TALOS-2025-2193

cve.org (CVE-2025-47151)

nvd.nist.gov (CVE-2025-47151)

Download JSON