CVE-2025-47151CRITICAL 9.8EPSS p52.1%

CVE-2025-47151CVE-2025-47151

Description

A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.81% probability of exploitation · percentile 52.1% · 2026-06-19T12:03:05Z
Published2025-11-05
Last modified2025-11-07

Underlying weaknesses· 1

CWE-843

References

  1. https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193
  2. https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2193

1

TypeTargetConfidenceTier
WeaknessAccess of Resource Using Incompatible Type ('Type Confusion')cwe-8430%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-54419
CVE
CVE-2026-24515
CVE
CVE-2025-54982
CVE
CVE-2025-13790
CVE
CVE-2025-12816
CVE
CVE-2026-5343
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.