CVE-2025-25293

Published: December 3, 2025

ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.

Unknown
CVSS v2:

Status

DocFilters Release	Package	State
25.1	zlib (1.3)	Needs Triage
24.4	zlib (1.3)	Needs Triage
24.4.0	zlib (1.3)	Needs Triage
24.3	zlib (1.3)	Needs Triage
24.2.1	zlib (1.3)	Needs Triage
24.2	zlib (1.3)	Needs Triage
24.1	zlib (1.3)	Needs Triage
23.3	zlib (1.3)	Needs Triage
23.2.1	zlib (1.2.12)	Needs Triage
23.2	zlib (1.2.12)	Needs Triage
23.1	zlib (1.2.12)	Needs Triage
22.4	zlib (1.2.12)	Needs Triage
22.3	zlib (1.2.12)	Needs Triage
22.2	zlib (1.2.12)	Needs Triage
22.1	zlib (1.2.11)	Needs Triage
21.11.1	zlib (1.2.11)	Needs Triage
21.11	zlib (1.2.11)	Needs Triage
21.8.1	zlib (1.2.11)	Needs Triage
21.8	zlib (1.2.11)	Needs Triage
21.5.1	zlib (1.2.11)	Needs Triage
21.5.0	zlib (1.2.11)	Needs Triage
21.2.0	zlib (1.2.11)	Needs Triage
11.4.20	zlib (1.2.11)	Needs Triage
11.4.19.3667	zlib (1.2.11)	Needs Triage
11.4.18.3599	zlib (1.2.11)	Needs Triage
11.4.17	zlib (1.2.11)	Needs Triage
11.4.16.3445	zlib (1.2.11)	Needs Triage
11.4.15.3368	zlib (1.2.11)	Needs Triage
11.4.14.3263	zlib (1.2.11)	Needs Triage
11.4.13.3179	zlib (1.2.11)	Needs Triage
11.4.12.3054	zlib (1.2.11)	Needs Triage
11.4.11.3040	zlib (1.2.11)	Needs Triage
11.4.11.2990	zlib (1.2.11)	Needs Triage
11.4.10.2934	zlib (1.2.11)	Needs Triage
11.4.9.2878	zlib (1.2.11)	Needs Triage
11.4.8.2822	zlib (1.2.11)	Needs Triage

Severity score breakdown

References

NVD
MITRE