Home > Vulnerability Database > CVE-2025-54572

Mend.io Vulnerability Database

CVE-2025-54572

Good to know:

Date: July 30, 2025

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.

Severity Score

5.3

Related Resources (9)

Url: https://github.com/SAML-Toolkits/ruby-saml

Url: https://security-tracker.debian.org/tracker/CVE-2025-54572

Url: https://github.com/SAML-Toolkits/ruby-saml/pull/770

Url: https://github.com/SAML-Toolkits/ruby-saml/commit/38ef5dd1ce17514e202431f569c4f5633e6c2709

Url: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-rrqh-93c8-j966

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-54572.yml

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54572

Url: https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.1

Url: https://www.mend.io/vulnerability-database/CVE-2025-54572

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version ruby-saml - 1.18.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54572

Good to know:

Date: July 30, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?