CVE-2025-0182
📋 TL;DR
This vulnerability in danswer-ai/danswer version 0.9.0 allows attackers to cause denial of service through memory exhaustion by sending multiple requests to the /auth/saml/callback endpoint. The issue stems from a vulnerable starlette package dependency via fastapi. Organizations running affected danswer-ai instances are at risk.
💻 Affected Systems
- danswer-ai/danswer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to memory exhaustion, potentially affecting all users and requiring system restart.
Likely Case
Service degradation or temporary unavailability for legitimate users during attack periods.
If Mitigated
Minimal impact with proper rate limiting and monitoring in place.
🎯 Exploit Status
Exploitation requires sending multiple requests to a specific endpoint; no authentication is needed for the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update fastapi to version 0.115.3 or later
Vendor Advisory: https://huntr.com/bounties/969b8056-b66c-4d70-8f77-04c1cbdc1d1a
Restart Required: No
Instructions:
1. Update the fastapi dependency to version 0.115.3 or later.
2. Verify the starlette package is updated to version >0.49.
3. Test the application functionality.
🔧 Temporary Workarounds
Rate limiting on vulnerable endpoint
Implement rate limiting on the /auth/saml/callback endpoint to prevent memory exhaustion attacks
Disable SAML authentication
Temporarily disable SAML authentication if not required
🧯 If You Can't Patch
- Implement strict rate limiting on all endpoints
- Deploy WAF rules to block excessive requests to /auth/saml/callback
🔍 How to Verify
Check if Vulnerable:
Check the fastapi version: if it is <0.115.3 and the deployment is running danswer-ai 0.9.0, the system is vulnerable
Check Version:
pip show fastapi && pip show starlette
Verify Fix Applied:
Verify that the fastapi version is >=0.115.3 and the starlette version is >0.49
📡 Detection & Monitoring
Log Indicators:
- High frequency of requests to /auth/saml/callback
- Memory usage spikes
- Application crash/restart logs
Network Indicators:
- Unusual traffic patterns to SAML callback endpoint
- Multiple requests from single IP to vulnerable endpoint
SIEM Query:
source="danswer-logs" AND endpoint="/auth/saml/callback" AND count > 1000 per minute
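The log indicators above can be checked offline with a short script. The following is an added example, not part of the advisory or of the danswer project: it assumes a simple access-log line format ("timestamp client_ip method path status"), uses constructed sample lines, and flags any client exceeding a request threshold to /auth/saml/callback within a sliding 60-second window (the advisory's SIEM query uses 1000 per minute; the sample uses a small threshold so the constructed data triggers it).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real danswer output). Assumed format:
# "<ISO-8601 timestamp> <client ip> <method> <path> <status>"
SAMPLE_LOG = """\
2025-01-06T10:00:00Z 203.0.113.7 POST /auth/saml/callback 400
2025-01-06T10:00:01Z 203.0.113.7 POST /auth/saml/callback 400
2025-01-06T10:00:02Z 198.51.100.9 GET /api/health 200
2025-01-06T10:00:03Z 203.0.113.7 POST /auth/saml/callback 400
2025-01-06T10:00:04Z 203.0.113.7 POST /auth/saml/callback 400
2025-01-06T10:00:05Z 198.51.100.9 POST /auth/saml/callback 302
2025-01-06T10:02:00Z 203.0.113.7 POST /auth/saml/callback 400
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
TARGET_PATH = "/auth/saml/callback"  # endpoint named in the advisory


def parse_line(line):
    """Return (timestamp, client_ip, path) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, _method, path, _status = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, path


def find_bursts(log_text, threshold, window_seconds=60):
    """Map client IP -> peak request count to TARGET_PATH inside any sliding
    window of window_seconds, for clients whose peak exceeds threshold."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[2] != TARGET_PATH:
            continue  # ignore malformed lines and other endpoints
        per_ip[parsed[1]].append(parsed[0])
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans < window_seconds
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG, threshold=3))  # {'203.0.113.7': 4}
```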