CVE-2025-25293
Denial of Service vulnerability in ruby-saml (RubyGems)
What is CVE-2025-25293 About?
This vulnerability in ruby-saml allows a remote Denial of Service (DoS) attack through maliciously compressed SAML responses. The library's message size check runs before decompression, so a small compressed payload can expand to a very large size during zlib inflation and consume excessive memory and CPU, disrupting the service. Exploitation is moderately easy: it requires only crafting a compressed SAML assertion, and no authentication to the server is needed.
Affected Software
- ruby-saml
- <1.12.4
- >=1.13.0, <1.18.0
Technical Details
The ruby-saml library is vulnerable to a remote Denial of Service (DoS) attack when processing compressed SAML responses. The issue stems from an insufficient message size check: the library inflates the SAML response with zlib, but the size check is applied to the message before inflation, not to the inflated output. An attacker can craft a highly compressed SAML assertion that appears small before decompression but expands to an extremely large size upon inflation. The oversized output consumes excessive memory and CPU during decompression, exhausting resources and denying service to the application relying on ruby-saml.
What is the Impact of CVE-2025-25293?
Successful exploitation may allow attackers to cause a remote Denial of Service, leading to service disruption, system unresponsiveness, and potential data loss or integrity issues due to abnormal termination of processes.
What is the Exploitability of CVE-2025-25293?
Exploitation of this DoS vulnerability is of moderate complexity: the attacker must craft a specially designed, highly compressed SAML response. No authentication to the target application is strictly required, since the attack consists of submitting a SAML response that the application attempts to process, and it can be initiated remotely. The primary constraint is the attacker's ability to submit a SAML response to the vulnerable application. The likelihood of exploitation is higher if the SAML endpoint is publicly accessible and processes compressed SAML messages without robust post-decompression size limits.
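The defect described under Technical Details and the mitigation named above (a post-decompression size limit) are illustrated by the following added example. It is not ruby-saml's own code; the byte caps, helper names and the constructed fixtures are assumptions made for this demonstration, and the raw-DEFLATE framing is the one used by the SAML HTTP-Redirect binding.

```ruby
require 'zlib'
require 'base64'

# Caps are example values, not ruby-saml's. A decoder that only enforces the
# first one (the pre-inflation check) is exactly the situation the advisory describes.
MAX_ENCODED_BYTES  = 250_000    # size of the base64 message as received
MAX_INFLATED_BYTES = 1_000_000  # size of the XML after inflation

class SamlMessageTooLarge < StandardError; end

# Inflate a raw-DEFLATE body in chunks and abort as soon as the output exceeds
# +limit+, so memory use stays bounded whatever the compression ratio of the input.
def inflate_bounded(deflated, limit)
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS) # raw DEFLATE, no zlib header
  out = +''
  inflater.inflate(deflated) do |chunk|          # block form yields inflated chunks
    out << chunk
    raise SamlMessageTooLarge, "inflated size exceeds #{limit} bytes" if out.bytesize > limit
  end
  out
ensure
  inflater.close if inflater && !inflater.closed?
end

# Decode a base64 SAML message the way a service provider receives it,
# checking the encoded size first and the inflated size during decompression.
def decode_saml_message(encoded)
  if encoded.bytesize > MAX_ENCODED_BYTES
    raise SamlMessageTooLarge, "encoded message exceeds #{MAX_ENCODED_BYTES} bytes"
  end
  inflate_bounded(Base64.decode64(encoded), MAX_INFLATED_BYTES)
end

# Hypothetical encoder used only to build constructed fixtures for this example.
def encode_saml_message(xml)
  deflater = Zlib::Deflate.new(Zlib::BEST_COMPRESSION, -Zlib::MAX_WBITS)
  body = deflater.deflate(xml, Zlib::FINISH)
  deflater.close
  Base64.strict_encode64(body)
end

# Constructed sample response (ASCII only, so it round-trips byte for byte).
SAMPLE_XML = '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example"/>'
```

A legitimate response passes both checks unchanged, while a highly repetitive body that compresses to a few kilobytes passes the encoded-size check but is rejected once its inflated output crosses MAX_INFLATED_BYTES.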
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2025-25293?
Available Upgrade Options
- ruby-saml <1.12.4 → Upgrade to 1.12.4
- ruby-saml >=1.13.0, <1.18.0 → Upgrade to 1.18.0
Additional Resources
- https://security.netapp.com/advisory/ntap-20250314-0008/
- https://lists.debian.org/debian-lts-announce/2025/04/msg00011.html
- https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
- https://nvd.nist.gov/vuln/detail/CVE-2025-25293
- https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
- https://securitylab.github.com/advisories/GHSL-2024-355_ruby-saml
- https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.12.4
What are Similar Vulnerabilities to CVE-2025-25293?
Similar Vulnerabilities: CVE-2011-2856, CVE-2013-6449, CVE-2019-17565, CVE-2020-0062, CVE-2020-13934
