vulnerability
Amazon Linux 2023: CVE-2025-46404: Critical priority package update for lasso
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Nov 5, 2025 | Nov 11, 2025 | Nov 11, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Nov 5, 2025
Added
Nov 11, 2025
Modified
Nov 11, 2025
Description
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
Solutions
amazon-linux-2023-upgrade-lassoamazon-linux-2023-upgrade-lasso-debuginfoamazon-linux-2023-upgrade-lasso-debugsourceamazon-linux-2023-upgrade-lasso-develamazon-linux-2023-upgrade-perl-lassoamazon-linux-2023-upgrade-perl-lasso-debuginfoamazon-linux-2023-upgrade-python3-lassoamazon-linux-2023-upgrade-python3-lasso-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.