CVE-2025-46705

Published: Nov 5, 2025Modified: Nov 7, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: CNA (Secondary)

Description

A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

Affected (2)

Products: Entrouvert: Lasso

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Entrouvert Lasso	Version 2.5.1
Entrouvert Lasso	Version 2.8.2

Related CWEs

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2196

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2196

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.