PT-2025-45110 · Unknown+8 · Entr’Ouvert Lasso+8

Keane Okelley · Published 2025-11-05 · Updated 2025-12-08 · CVE-2025-47151

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Entr'ouvert Lasso versions 2.5.1 and 2.8.2

Description: A type confusion issue exists within the lasso_node_impl_init_from_xml function. A specially crafted SAML response can trigger this issue, potentially leading to arbitrary code execution. An attacker can exploit this by sending a malformed SAML response. The vulnerability resides within the SAML implementation library and impacts Single Sign-On (SSO) infrastructure, potentially enabling lateral movement across federated environments.

Recommendations: Versions prior to 2.5.1 and versions after 2.8.2 should be considered for use. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: Exploit · RCE · Type Confusion

Weakness Enumeration

Related Identifiers

ALSA-2025:21462
ALSA-2025:21628
AZL-69850
AZL-69863
BDU:2026-05074
CESA-2025_21628
CVE-2025-47151
DLA-4397-1
DSA-6058-1
INFSA-2025_21462
INFSA-2025_21628
OESA-2025-2662
OESA-2025-2663
OESA-2025-2664
OESA-2025-2665
OESA-2025-2666
OPENSUSE-SU-2025:20083-1
RHSA-2025:21399
RHSA-2025:21400
RHSA-2025:21401
RHSA-2025:21402
RHSA-2025:21403
RHSA-2025:21404
RHSA-2025:21405
RHSA-2025:21406
RHSA-2025:21452
RHSA-2025:21462
RHSA-2025:21628
RHSA-2025_21462
RHSA-2025_21628
SUSE-SU-2025:21140-1
SUSE-SU-2025:4068-1
SUSE-SU-2025:4090-1
SUSE-SU-2025:4094-1
USN-7872-1

Affected Products

Almalinux
Centos
Debian
Entr’Ouvert Lasso
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu