CVE-2025-54572
ruby-saml - security update
EPSS 0.58%
Description
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
How to fix CVE-2025-54572
To remediate CVE-2025-54572, upgrade the affected package to a fixed version below.
- Debian/ruby-saml—upgrade to 1.11.0-1+deb11u3 or later
- —upgrade to 1.11.0-1+deb11u3 or later
- —upgrade to 1.18.1 or later
Is CVE-2025-54572 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.11.0-1+deb11u3
- from 0, < 1.11.0-1+deb11u3
- from 0, < 1.18.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |