CVE-2025-0182 Overview
CVE-2025-0182 is a denial of service vulnerability affecting danswer-ai/danswer version 0.9.0. The flaw originates from a vulnerable version of the starlette package (<=0.49) pulled in through fastapi. Attackers can exhaust server memory by sending repeated requests to the /auth/saml/callback endpoint, leading to uncontrolled resource consumption and service unavailability. The issue is classified under [CWE-770: Allocation of Resources Without Limits or Throttling]. No authentication or user interaction is required for exploitation.
Critical Impact
Unauthenticated remote attackers can trigger memory exhaustion against the SAML authentication callback endpoint, rendering the danswer service unavailable.
Affected Products
- danswer-ai/danswer version 0.9.0
- fastapi versions prior to 0.115.3
- starlette versions less than or equal to 0.49
Discovery Timeline
- 2025-03-20 - CVE-2025-0182 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-0182
Vulnerability Analysis
The vulnerability resides in how danswer-ai/danswer 0.9.0 handles SAML authentication callbacks through its fastapi dependency. The underlying starlette package processes multipart form data without enforcing strict bounds on memory allocation. Repeated requests to the /auth/saml/callback endpoint allocate memory that is not released or capped, allowing an attacker to drive the process toward memory exhaustion. The vulnerability impacts availability only, with no direct effect on confidentiality or integrity. Successful exploitation requires only network reachability to the SAML callback endpoint.
Root Cause
The root cause is the use of a vulnerable starlette version (<=0.49) included transitively via fastapi. The starlette maintainers addressed the unbounded allocation in the multipart parser. The fix was incorporated upstream in fastapi version 0.115.3. Applications such as danswer-ai/danswer 0.9.0 that pin or transitively resolve older fastapi releases remain exposed.
Attack Vector
An unauthenticated attacker sends a sequence of crafted HTTP requests to the /auth/saml/callback endpoint. Each request triggers allocations inside the vulnerable multipart parser. Because the parser does not bound input size or release memory promptly, sustained request volume drives the Python process resident memory until the operating system terminates it or the host becomes unresponsive. The attack does not require valid SAML assertions, since memory consumption occurs during request parsing prior to assertion validation.
See the Huntr Bounty Report for additional technical details.
Detection Methods for CVE-2025-0182
Indicators of Compromise
- Repeated POST requests from a single source IP to /auth/saml/callback within a short interval
- Sustained growth in resident memory of the danswer or uvicorn worker processes
- Out-of-memory (OOM) kill events in system logs referencing the application process
- HTTP 5xx error rates spiking on authentication endpoints
Detection Strategies
- Inspect web access logs for high-frequency requests to /auth/saml/callback lacking valid session context
- Correlate process memory metrics with inbound request rates to the SAML endpoint
- Alert on Python process restarts or container OOMKilled events in orchestration platforms
- Use software composition analysis to flag deployments running fastapi < 0.115.3 or starlette <= 0.49
Monitoring Recommendations
- Enable rate-limiting metrics on the reverse proxy or API gateway fronting danswer
- Track per-endpoint request volume and 95th percentile response time for /auth/saml/*
- Forward application and container logs to a centralized analytics platform for anomaly detection
- Monitor dependency manifests in CI to detect reintroduction of vulnerable starlette versions
How to Mitigate CVE-2025-0182
Immediate Actions Required
- Upgrade fastapi to version 0.115.3 or later, which bundles the patched starlette release
- Pin starlette to a version greater than 0.49 in the project requirements file
- Apply rate limiting on the /auth/saml/callback endpoint at the reverse proxy or WAF layer
- Restrict network access to SAML endpoints to trusted identity provider IP ranges where feasible
Patch Information
The vulnerability is resolved by upgrading fastapi to version 0.115.3 or later, which pulls in a fixed starlette release. Operators of danswer-ai/danswer 0.9.0 should update the dependency manifest and redeploy. Refer to the Huntr Bounty Report for upstream remediation references.
Workarounds
- Place danswer behind a reverse proxy enforcing request size limits and per-IP rate limits
- Configure container memory limits and automatic restart policies to contain the impact of memory exhaustion
- Temporarily disable SAML authentication if not in active use until patching completes
# Configuration example: upgrade vulnerable dependencies
pip install --upgrade 'fastapi>=0.115.3' 'starlette>0.49'
# Example nginx rate limit for the SAML callback endpoint
# limit_req_zone $binary_remote_addr zone=saml:10m rate=5r/m;
# location /auth/saml/callback { limit_req zone=saml burst=5 nodelay; }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
