CVE-2025-47151

9.8 CRITICAL

📋 TL;DR

A type confusion vulnerability in the SAML parsing code of Entr'ouvert Lasso can lead to arbitrary code execution when a specially crafted SAML response is processed. Lasso 2.5.1 and 2.8.2 are the releases confirmed affected. A SAML service provider's assertion consumer endpoint accepts responses from any browser by design, so an attacker needs no credentials to reach the vulnerable code.

💻 Affected Systems

Products:
  • Entr'ouvert Lasso
Versions: 2.5.1 and 2.8.2 confirmed; treat other releases not listed as fixed in the advisory as suspect until checked
Operating Systems: All platforms running Lasso
Default Config Vulnerable: ⚠️ Yes
Notes: Any deployment that uses Lasso to consume SAML responses (the service-provider side of the exchange) is exposed regardless of configuration; the defect is in the library's parser, so no setting turns it off.

📦 What is this software?

Lasso is Entr'ouvert's C library implementing SAML 2.0 (and the older Liberty ID-FF profiles), with bindings for Python, Perl, PHP and Java. It is the SAML engine behind the Apache module mod_auth_mellon and Entr'ouvert's Authentic identity provider, so many service providers link it without ever naming it in their own configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root/admin privileges, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Code execution as the web or application server user, followed by theft of credentials and session material handled by the SP (including its SAML signing and decryption keys), service disruption, and lateral movement within the network.

🟢

If Mitigated

With the assertion consumer endpoint reachable only from trusted networks and the SP process running unprivileged, the blast radius is reduced, but a failed exploit attempt can still crash the worker process and disrupt logins.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ❌ None known
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending a specially crafted SAML response to the assertion consumer service (ACS) endpoint of a service provider that uses Lasso. That endpoint accepts unauthenticated POSTs from any browser by design, which is why no credentials are needed; the attacker still has to craft a response that drives the parser into the type-confused path.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not stated on this page; use the release named in the Talos report or the vendor's release notes, and treat any build predating it as vulnerable

Advisory (Cisco Talos report; not a vendor publication): https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193

Restart Required: Yes

Instructions:

1. Check the installed Lasso version (see How to Verify below).
2. Apply the vendor or distribution patch, or upgrade to a fixed release.
3. Restart every process that has liblasso loaded: Lasso is a shared library, so the fix only takes effect when the consuming process (for example an Apache httpd running mod_auth_mellon, or the Python/uWSGI workers of an SP built on the Python binding) is restarted.
4. Verify the fix is applied and that SAML login still works.

🔧 Temporary Workarounds

Network Filtering (all platforms)

Restrict who can reach the assertion consumer service (ACS) endpoint. In the usual HTTP-POST binding the SAML response arrives from the user's browser, not from the IdP's address, so filtering by IdP source IP does not help; the practical options are limiting the ACS to the client networks that legitimately log in, or taking SSO offline on that endpoint until patched.

Load Balancer / WAF Rules (all platforms)

Have the WAF or load balancer decode the base64 SAMLResponse parameter and drop requests whose payload is oversized, contains a DOCTYPE or entity declaration, or whose root element is not samlp:Response. Pattern matching on the undecoded parameter sees only base64 and catches nothing. This raises the bar but cannot be relied on to block every input that reaches the type-confused code path.

🧯 If You Can't Patch

  • Keep the ACS endpoint off the internet; if SSO must stay up, allow it only from the networks that actually log in, and restrict what the SP host can reach outbound so a successful payload has less to work with
  • Validate the SAMLResponse parameter in the application before it is handed to Lasso: decode it, cap its size, refuse DTDs, and check the root element and namespaces. This reduces exposure; it is not a fix for the parser bug itself
  • Run the SP process as an unprivileged user with minimal filesystem access, so code execution inside the worker does not become root
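The application-layer pre-check described in the second bullet, written here as an added example in Python using only the standard library; it is not code from Lasso, from this page, or from the Talos report. It assumes the SP receives the HTTP-POST binding's SAMLResponse form parameter as a string, and the sample responses at the bottom are constructed for the example, not captured traffic. It gates structure only: Lasso still does signature checking and SAML processing afterwards, and a response that passes this check can still carry whatever triggers the type confusion, so this is exposure reduction, not a patch.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Element namespaces a SAML 2.0 Response may legitimately contain.
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ALLOWED_NS = {
    SAMLP_NS,
    SAML_NS,
    "http://www.w3.org/2000/09/xmldsig#",  # XML Signature
    "http://www.w3.org/2001/04/xmlenc#",   # XML Encryption
}
MAX_DECODED_BYTES = 256 * 1024  # generous for signed + encrypted assertions
MAX_DEPTH = 32                  # real responses are roughly 8 levels deep
DTD_RE = re.compile(rb"<!(?:DOCTYPE|ENTITY)", re.IGNORECASE)


class SamlPrecheckError(ValueError):
    """Raised when the SAMLResponse parameter should be dropped before Lasso sees it."""


def _check_tree(elem, depth=0):
    # Bound nesting depth and confine every element to the expected namespaces.
    # Attribute namespaces (e.g. xsi:type on AttributeValue) are deliberately
    # not restricted, since common IdPs emit them.
    if depth > MAX_DEPTH:
        raise SamlPrecheckError("element nesting deeper than %d" % MAX_DEPTH)
    ns = elem.tag[1:].split("}", 1)[0] if elem.tag.startswith("{") else ""
    if ns not in ALLOWED_NS:
        raise SamlPrecheckError("element %r outside the SAML namespace set" % elem.tag)
    for child in elem:
        _check_tree(child, depth + 1)


def precheck_saml_response(saml_response_b64):
    """Return the parsed root element, or raise SamlPrecheckError.

    Checks encoding, decoded size, absence of a DTD, well-formedness, the
    root element, nesting depth and element namespaces. Nothing here verifies
    signatures or SAML semantics; that remains Lasso's job.
    """
    try:
        raw = base64.b64decode(saml_response_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise SamlPrecheckError("SAMLResponse is not valid base64: %s" % exc)
    if len(raw) > MAX_DECODED_BYTES:
        raise SamlPrecheckError("decoded response larger than %d bytes" % MAX_DECODED_BYTES)
    # Refuse DTDs before any XML parser touches the bytes (entity expansion, XXE).
    if DTD_RE.search(raw):
        raise SamlPrecheckError("DTD or entity declaration present")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise SamlPrecheckError("not well-formed XML: %s" % exc)
    if root.tag != "{%s}Response" % SAMLP_NS:
        raise SamlPrecheckError("root element is %r, expected samlp:Response" % root.tag)
    _check_tree(root)
    return root


def verdict(saml_response_b64):
    """Convenience wrapper: 'ok' or 'reject: <reason>'."""
    try:
        precheck_saml_response(saml_response_b64)
        return "ok"
    except SamlPrecheckError as exc:
        return "reject: %s" % exc


def _b64(xml_text):
    return base64.b64encode(xml_text.encode()).decode()


# Constructed samples for this example (not captured traffic): a minimal
# benign Response and three inputs the gate should drop.
GOOD_RESPONSE_B64 = _b64(
    '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0" '
    'IssueInstant="2025-01-01T00:00:00Z" Destination="https://sp.example.test/saml/acs">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    '</samlp:Status></samlp:Response>' % (SAMLP_NS, SAML_NS)
)
DOCTYPE_RESPONSE_B64 = _b64(
    '<!DOCTYPE x [<!ENTITY e "x">]><samlp:Response xmlns:samlp="%s"/>' % SAMLP_NS
)
WRONG_ROOT_B64 = _b64('<saml:Assertion xmlns:saml="%s"/>' % SAML_NS)
FOREIGN_NS_B64 = _b64(
    '<samlp:Response xmlns:samlp="%s"><x:Thing xmlns:x="urn:example:other"/></samlp:Response>'
    % SAMLP_NS
)
```

Call precheck_saml_response() on the raw form value in the ACS handler and return a 400 on SamlPrecheckError; only on success pass the original parameter to Lasso. Tune MAX_DECODED_BYTES against your IdP's largest legitimate response (encrypted assertions with many attributes can be large) before enforcing it.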

🔍 How to Verify

Check if Vulnerable:

Determine the installed Lasso version and compare it with the releases listed as fixed in the advisory. Distribution packages may backport the fix without changing the upstream version number, so read the package changelog as well as the version string.

Check Version:

pkg-config --modversion lasso 2>/dev/null || lasso-config --version 2>/dev/null || dpkg -l 2>/dev/null | grep -i lasso || rpm -qa | grep -i lasso

Verify Fix Applied:

Confirm the version (or package changelog) includes the fix, then confirm every process that consumes SAML has actually reloaded the library: look for liblasso in /proc/<pid>/maps of the web or application workers and check that the mapped file is the upgraded one, since a process started before the upgrade still runs the old code. Finally, complete a normal SAML login to confirm the service still works.

📡 Detection & Monitoring

Log Indicators:

  • SAML response parse errors reported by the SP (Lasso returns an error to the caller when a response cannot be processed; alert on the application's own log line for that path rather than assuming a fixed message text)
  • Crashes of the process that embeds liblasso: httpd or uWSGI worker segfaults, kernel "segfault ... in liblasso" lines, core dumps. A crash indicates an attempt that did not land cleanly, not that the system is safe; a successful exploit leaves no crash
  • Worker restarts or latency spikes coinciding with requests to the assertion consumer endpoint

Network Indicators:

  • POSTs to the ACS endpoint carrying a SAMLResponse that is unusually large, contains a DTD, or does not decode to a samlp:Response root element
  • Bursts of responses from a single client address, especially ones not preceded by an AuthnRequest issued by the SP

SIEM Query:

The query source="*lasso*" AND (error OR crash OR "malformed" OR "SAML") matches every line that mentions SAML and is too noisy to act on. A narrower starting point, to be adapted to your log field names:

(source="*lasso*" OR source="*httpd*" OR source="*uwsgi*" OR source="kern*") AND (segfault OR "core dumped" OR ("SAMLResponse" AND (error OR fail* OR malformed)))
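The indicators above as a runnable detection over constructed log lines, added here as an example (not from the page, from Lasso, or from any SIEM vendor). The kernel segfault line follows the real Linux format, which names the mapped object the faulting instruction was in; the application-log line shape ("WARNING saml: failed to parse SAMLResponse from <ip>") is an assumption for the example and must be replaced with whatever your SP actually logs when Lasso rejects a response. It fires on any segfault inside liblasso and on three or more parse failures from one source within 60 seconds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Linux kernel segfault report:
#   "<proc>[<pid>]: segfault at <addr> ip <ip> sp <sp> error <n> in <object>[<base>+<size>]"
SEGFAULT_RE = re.compile(
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: segfault at \S+ ip \S+ sp \S+ error \d+ "
    r"in (?P<lib>[^\[\s]+)"
)
# Assumed application-log shape for a failed SAMLResponse parse (constructed for
# this example; Lasso's own message wording is not assumed here).
PARSE_FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ WARNING saml: failed to parse SAMLResponse from (?P<src>[\d.]+)"
)
FAIL_THRESHOLD = 3   # parse failures from one source address ...
WINDOW_SECONDS = 60  # ... within this window raise an alert


def detect(lines):
    """Return alerts as (rule, subject, detail) tuples in the order they fire."""
    alerts = []
    recent = defaultdict(deque)  # source address -> timestamps of recent failures
    for line in lines:
        m = SEGFAULT_RE.search(line)
        if m:
            # Any fault inside liblasso in a SAML-serving process is worth a look.
            if "liblasso" in m.group("lib"):
                alerts.append(("crash-in-liblasso", m.group("proc"), m.group("lib")))
            continue
        m = PARSE_FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group("ts").replace("Z", "+00:00"))
        q = recent[m.group("src")]
        q.append(ts)
        # Slide the window: drop failures older than WINDOW_SECONDS.
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()
        # Fire once when the threshold is reached, not on every further failure.
        if len(q) == FAIL_THRESHOLD:
            alerts.append(("saml-parse-failure-burst", m.group("src"), len(q)))
    return alerts


# Constructed sample lines for this example (not real captured logs).
SAMPLE_LINES = [
    "2025-06-01T10:00:01Z sp-app WARNING saml: failed to parse SAMLResponse from 203.0.113.7",
    "2025-06-01T10:00:04Z sp-app WARNING saml: failed to parse SAMLResponse from 198.51.100.9",
    "2025-06-01T10:00:09Z sp-app WARNING saml: failed to parse SAMLResponse from 203.0.113.7",
    "2025-06-01T10:00:15Z sp-app WARNING saml: failed to parse SAMLResponse from 203.0.113.7",
    "2025-06-01T10:00:20Z sp-app WARNING saml: failed to parse SAMLResponse from 203.0.113.7",
    "Jun  1 10:00:21 sp-host kernel: httpd[2231]: segfault at 8 ip 00007f1c0d2a4b10 "
    "sp 00007ffc1a2b3c40 error 4 in liblasso.so.3.0.0[7f1c0d280000+60000]",
    "Jun  1 10:05:00 sp-host kernel: convert[4410]: segfault at 0 ip 00007f00deadbeef "
    "sp 00007ffc00000000 error 4 in libz.so.1[7f00dead0000+20000]",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LINES):
        print(alert)
```

The burst rule fires on the third failure from 203.0.113.7 and stays quiet for the fourth; the libz segfault is ignored because the faulting object is not liblasso. In production, feed the same logic from journald or the SIEM's streaming API and key the parse-failure counter on the client address the SP records for the ACS request, not on the IdP.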

🔗 References

  • Cisco Talos vulnerability report TALOS-2025-2193: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193
