CVE-2025-54572: Ruby SAML Library Vulnerable to Denial of Service

The Ruby SAML library (ruby-saml), widely used to implement SAML-based single sign-on, has a denial-of-service (DoS) vulnerability. An unauthenticated attacker can exploit this flaw to exhaust server resources, impacting application availability. This blog post provides detailed information about the vulnerability, its impact, and recommended mitigation steps.

Vulnerability Details

  • CVE ID: CVE-2025-54572
  • Description: A denial-of-service vulnerability exists in ruby-saml versions 1.18.0 and below, even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format before checking the message size, potentially leading to resource exhaustion.
  • CVSS Score and Vector:
    • CVSS v4.0: 6.9 (Medium)
    • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    • Explanation: A remote attacker can cause a limited denial of service without needing any privileges or user interaction. The attack complexity is low, making it relatively easy to exploit.
  • Exploit Requirements: No authentication or special privileges are required to trigger this vulnerability. An attacker only needs to send a specially crafted SAML response.
  • Affected Vendor, Product, Version:
    • Vendor: SAML-Toolkits
    • Product: ruby-saml
    • Version: <= 1.18.0
  • CWE:
    • CWE-400: Uncontrolled Resource Consumption
    • CWE-770: Allocation of Resources Without Limits or Throttling
    • Explanation: The application does not properly limit the resources (memory, CPU) consumed when processing SAML responses, allowing an attacker to exhaust available resources.

Timeline of Events

  • 2025-07-30: Vulnerability reported and CVE assigned.
  • 2025-07-30: Patch released (version 1.18.1).

Exploitability & Real-World Risk

The vulnerability is highly exploitable due to its low attack complexity and the lack of authentication requirements. In a real-world scenario, an attacker could continuously send large, malformed SAML responses to a service relying on the Ruby SAML library. This can lead to resource exhaustion, causing the service to become unresponsive and unavailable to legitimate users. Considering that SAML is often used for authentication in critical applications, the impact of this vulnerability could be significant.

Recommendations

  • Upgrade: Upgrade to ruby-saml version 1.18.1 or later. This version includes a fix for the vulnerability.
  • Monitor: Monitor system resources (CPU, memory) for unusual activity, which could indicate a denial-of-service attack.
  • Rate Limiting: Implement rate limiting on SAML authentication endpoints to prevent a single attacker from overwhelming the system with requests.

Technical Insight

The vulnerability stems from the fact that the library validates the Base64 format of the SAML response *before* checking its size against the message_max_bytesize setting. The size check is a single length comparison, but the format validation has to walk the entire payload, so the order of the two checks matters. An attacker can exploit this by sending an extremely large Base64-encoded message: the library processes the whole message before it ever notices that the message exceeds the configured limit, potentially causing a denial-of-service condition through excessive memory allocation and processing time.
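As an added illustration (not ruby-saml's own code), the following simplified decoder shows the check ordering described above beside the fixed ordering. The method names, the byte counter and the sample limit are assumptions made for this example; the counter stands in for the work the format check does on every byte of the payload.

```ruby
require "base64"

# Strict Base64 alphabet with optional padding (assumed shape of the format check).
BASE64_FORMAT = /\A(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?\z/

class MessageTooLarge < StandardError; end
class InvalidFormat < StandardError; end

# Runs the format regex over the full payload and records how many bytes
# it had to scan; the counter models the CPU cost of the check.
def check_format!(saml, stats)
  stats[:bytes_scanned] += saml.bytesize
  raise InvalidFormat, "not strict base64" unless saml.match?(BASE64_FORMAT)
end

# A single length comparison: cheap regardless of payload size.
def check_size!(saml, max_bytes)
  raise MessageTooLarge, "#{saml.bytesize} > #{max_bytes}" if saml.bytesize > max_bytes
end

# Vulnerable ordering: the whole payload is scanned before the limit is consulted.
def decode_vulnerable(saml, max_bytes:, stats: { bytes_scanned: 0 })
  check_format!(saml, stats)
  check_size!(saml, max_bytes)
  Base64.strict_decode64(saml)
end

# Fixed ordering: oversized input is rejected before any byte is inspected.
def decode_fixed(saml, max_bytes:, stats: { bytes_scanned: 0 })
  check_size!(saml, max_bytes)
  check_format!(saml, stats)
  Base64.strict_decode64(saml)
end

# Returns [bytes scanned before the outcome, error class or nil on success].
def cost_of_rejection(variant, saml, max_bytes)
  stats = { bytes_scanned: 0 }
  send(variant, saml, max_bytes: max_bytes, stats: stats)
  [stats[:bytes_scanned], nil]
rescue MessageTooLarge, InvalidFormat => e
  [stats[:bytes_scanned], e.class]
end

if __FILE__ == $PROGRAM_NAME
  limit = 4096                                        # constructed message_max_bytesize
  oversized = Base64.strict_encode64("A" * 30_000)    # constructed 40,000-byte payload
  puts "vulnerable: #{cost_of_rejection(:decode_vulnerable, oversized, limit).inspect}"
  puts "fixed:      #{cost_of_rejection(:decode_fixed, oversized, limit).inspect}"
end
```

Both variants reject the oversized message, but only the fixed ordering does so without first spending work proportional to its length.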

Credit to Researcher(s)

This vulnerability was reported via GitHub Security Advisory.

Tags

#Ruby #SAML #DenialofService #CVE202554572 #SecurityVulnerability

Summary: A denial-of-service vulnerability exists in the Ruby SAML library (versions 1.18.0 and below). The library validates the Base64 format of SAML responses before checking the message size, allowing an attacker to exhaust resources by sending oversized messages. Upgrade to version 1.18.1 to mitigate the risk.

CVE ID: CVE-2025-54572

Risk Analysis: Successful exploitation can lead to denial of service, making the application unavailable to legitimate users. This can impact business operations.

Recommendation: Upgrade to ruby-saml version 1.18.1 or later to patch the vulnerability.
