Denial-of-Service Vulnerability in Ruby SAML Library by SAML Toolkits
CVE-2025-54572

6.9MEDIUM

Key Information:

Vendor

Saml-toolkits

Status
Ruby-saml
Vendor
CVE Published:
30 July 2025

What is CVE-2025-54572?

The Ruby SAML library, designed for client-side SAML authorization, exhibits a denial-of-service vulnerability in versions 1.18.0 and earlier. This issue arises from the improper validation order of SAML responses, which checks the Base64 format before verifying the message size. Consequently, attackers could exploit this flaw to create conditions that lead to resource exhaustion, affecting system availability. The issue has been resolved in version 1.18.1, making it crucial for users to update to this version to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ruby-saml < 1.18.1

References

https://github.com/SAML-Toolkits/ruby-saml/security/advis...
x_refsource_CONFIRM
https://github.com/SAML-Toolkits/ruby-saml/pull/770
x_refsource_MISC
https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.