ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses.
ruby-saml uses zlib to decompress SAML responses when they are compressed. The message size check can be bypassed with a compressed assertion, because the size is checked before inflation rather than after it, so a small compressed message can expand to an arbitrarily large document.
This issue may lead to remote Denial of Service (DoS).
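As an added example (not ruby-saml's own code), the Ruby below shows the mitigation the advisory implies: bounding the inflated output of the raw-DEFLATE decoding used for compressed SAML messages, rather than the compressed input. The cap value, the function names and the sample inputs are assumptions made for illustration.

```ruby
require 'zlib'
require 'base64'

# Illustrative cap on the *inflated* document size; not a value taken from the advisory.
MAX_INFLATED_BYTES = 250_000

class InflatedTooLarge < StandardError; end

# Inflate raw DEFLATE data (the encoding used for compressed SAML messages) in
# chunks, aborting as soon as the cumulative output exceeds max_bytes. This is the
# check the advisory says has to happen after inflation, not on the compressed size.
def bounded_inflate(data, max_bytes = MAX_INFLATED_BYTES)
  inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS) # negative wbits: raw deflate, no zlib header
  out = +''
  # Feed the input in small slices; the block receives every inflated chunk,
  # so the size test runs long before the whole input has been processed.
  (0...data.bytesize).step(1024) do |offset|
    inflater.inflate(data.byteslice(offset, 1024)) do |chunk|
      out << chunk
      raise InflatedTooLarge, "inflated size exceeds #{max_bytes} bytes" if out.bytesize > max_bytes
    end
    break if inflater.finished?
  end
  raise Zlib::DataError, 'truncated deflate stream' unless inflater.finished?
  out
ensure
  inflater&.close
end

# Decode a base64-encoded SAML message, trying raw-DEFLATE inflation first (as
# ruby-saml does for compressed messages) with the bound applied to the output.
def decode_saml_message(encoded, max_bytes = MAX_INFLATED_BYTES)
  raw = Base64.strict_decode64(encoded)
  bounded_inflate(raw, max_bytes)
rescue Zlib::Error
  raw # not deflate-compressed: the decoded bytes are the message itself
end

# Build inputs the way a sender would (raw deflate, then base64); used for testing.
def encode_saml_message(xml)
  deflater = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  compressed = deflater.deflate(xml, Zlib::FINISH)
  deflater.close
  Base64.strict_encode64(compressed)
end
```

A constructed message of a few megabytes of repeated bytes compresses to a few kilobytes, so a check on the compressed length passes it, while `decode_saml_message` rejects it with `InflatedTooLarge` once the inflated output crosses the cap.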
| Score | Percentile |
|---|---|
| 2.70% | 85.50% |
| Base score | CVSS version | Severity | Vector |
|---|---|---|---|
| 7.5 | 3.1 | — | — |
| 7.7 | 4.0 | — | — |
| Type | Value |
|---|---|
| GHSA | GHSA-92rq-c8cf-prrq |
| CVE | CVE-2025-25293 |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| rubygems | ruby-saml | < 1.12.4 | 1.12.4 | — |
| rubygems | ruby-saml | >= 1.13.0, < 1.18.0 | 1.18.0 | — |