CVE-2025-0182 Overview
CVE-2025-0182 is a denial of service vulnerability affecting danswer-ai/danswer version 0.9.0. The flaw stems from a transitive dependency on a vulnerable version of the starlette package (<=0.49) pulled in through fastapi. Attackers can send repeated requests to the /auth/saml/callback endpoint to trigger uncontrolled memory consumption, eventually exhausting available memory and crashing the service. The weakness is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). No authentication is required, and the attack can be launched remotely over the network.
Critical Impact
Unauthenticated remote attackers can exhaust application memory by flooding the SAML callback endpoint, causing service downtime.
Affected Products
- danswer-ai/danswer version 0.9.0
- fastapi versions prior to 0.115.3
- starlette versions <=0.49
Discovery Timeline
- 2025-03-20 - CVE-2025-0182 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-0182
Vulnerability Analysis
The vulnerability resides in how danswer-ai/danswer 0.9.0 processes inbound requests through its fastapi web layer. fastapi versions before 0.115.3 depend on starlette releases <=0.49, which contain a memory handling flaw in request parsing. The /auth/saml/callback endpoint accepts SAML response payloads without enforcing strict allocation limits.
An attacker submits repeated requests to this endpoint, each causing the server to allocate memory that is not promptly released. As request volume grows, resident memory climbs until the worker process is killed by the operating system or becomes unresponsive. The end result is a denial of service condition affecting all legitimate users of the application.
Because the endpoint participates in authentication flows, it is exposed on the network perimeter of typical danswer deployments. The Huntr Bounty Report confirms reproducibility against an unpatched 0.9.0 instance.
Root Cause
The root cause is improper resource management in the upstream starlette package. Request body and form parsing routines allocate buffers without imposing upper bounds tied to client behavior. When chained behind fastapi and exposed through the SAML callback handler, the missing throttling allows attacker-controlled memory growth, matching CWE-770.
Attack Vector
The attack vector is network-based and requires no privileges or user interaction. An attacker scripts a loop that issues HTTP POST requests to /auth/saml/callback with crafted bodies. Each request consumes additional memory on the target host. Sustained traffic exhausts memory, leading to process termination or system-level OOM events. Refer to the Huntr Bounty Report for reproduction details.
Detection Methods for CVE-2025-0182
Indicators of Compromise
- Sustained high volume of HTTP POST requests to /auth/saml/callback from a single source or small set of sources.
- Rapid growth in resident memory (RSS) of the danswer or uvicorn/gunicorn worker processes.
- OOM killer events in dmesg or systemd journal terminating danswer worker processes.
- HTTP 5xx error spikes from the danswer service correlated with traffic to the SAML endpoint.
Detection Strategies
- Monitor request rates per client IP against the /auth/saml/callback route and alert on anomalous volumes.
- Correlate web server access logs with host memory metrics to surface allocation patterns tied to specific endpoints.
- Inventory Python dependencies in deployed images and flag installations of starlette<=0.49 or fastapi<0.115.3.
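One way to implement the per-IP request-rate check described above, as an added example that is not part of the original advisory or the danswer project: a sliding-window counter over nginx combined-format access log lines. The log lines, the 10-second window and the threshold of 20 POSTs are constructed assumptions to be tuned against real traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" access log format; only the fields the detector needs are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}')
TARGET_PATH = "/auth/saml/callback"

def parse_line(line):
    """Return (ip, timestamp, method, path-without-query), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("method"), m.group("path").split("?", 1)[0]

def detect_saml_flood(lines, window_seconds=10, threshold=20):
    """Per-IP sliding-window count of POSTs to the SAML callback; returns {ip: (first alert time, count)}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> timestamps of POSTs still inside the window (lines in log order)
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, method, path = parsed
        if method != "POST" or path != TARGET_PATH:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and ip not in alerts:
            alerts[ip] = (ts.isoformat(), len(q))
    return alerts

def make_sample_log():
    """Constructed sample (not a real deployment): 5 POSTs/second for 24 s from one client, plus benign traffic."""
    def entry(ip, second, method, path, ua):
        stamp = f"20/Mar/2025:10:00:{second:02d} +0000"
        return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" 200 512 "-" "{ua}"'
    lines = [entry("203.0.113.7", i // 5, "POST", TARGET_PATH, "python-requests/2.31") for i in range(120)]
    lines.append(entry("198.51.100.4", 30, "POST", TARGET_PATH, "Mozilla/5.0"))
    lines.append(entry("198.51.100.4", 31, "GET", "/api/health", "curl/8.0"))
    return lines

if __name__ == "__main__":
    for ip, (when, n) in detect_saml_flood(make_sample_log()).items():
        print(f"ALERT {ip}: {n} POSTs to {TARGET_PATH} within 10s, first seen at {when}")
```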
Monitoring Recommendations
- Track process memory growth rates for danswer workers and alert when usage exceeds defined thresholds.
- Forward web access logs and OOM kill events to a centralized logging platform for correlation.
- Run scheduled Software Composition Analysis (SCA) scans against danswer container images to catch vulnerable transitive dependencies.
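The dependency inventory check from the detection strategies and the SCA recommendation above, as an added example that is not part of the original advisory or the danswer project: it scans pip freeze style output for the ranges the advisory names (starlette <=0.49, fastapi <0.115.3). The frozen requirement set below is constructed sample input, not real project output.

```python
import re

# Affected ranges exactly as stated in the advisory: starlette <=0.49 and fastapi <0.115.3.
AFFECTED = {
    "starlette": lambda v: v < (0, 50),      # any 0.49.x or earlier
    "fastapi": lambda v: v < (0, 115, 3),
}

def parse_version(text):
    """Turn '0.115.2' or '0.40.0rc1' into a comparable tuple of ints; pre-release tags are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def find_vulnerable(freeze_output):
    """Scan `pip freeze` style text and return {package: version} for installs in the affected ranges.
    Lines without '==' (editable installs, VCS URLs, comments) are skipped."""
    hits = {}
    for raw in freeze_output.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "==" not in line:
            continue
        name, version = (s.strip() for s in line.split("==", 1))
        name = name.lower().replace("_", "-")
        check = AFFECTED.get(name)
        if check and check(parse_version(version)):
            hits[name] = version
    return hits

# Constructed sample of a frozen requirement set (not real project output).
SAMPLE_FREEZE = """\
fastapi==0.115.2
starlette==0.38.6
uvicorn==0.30.6
-e git+https://example.invalid/danswer.git@main#egg=danswer
"""

if __name__ == "__main__":
    for name, version in find_vulnerable(SAMPLE_FREEZE).items():
        print(f"VULNERABLE {name}=={version}")
```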
How to Mitigate CVE-2025-0182
Immediate Actions Required
- Upgrade fastapi to version 0.115.3 or later, which pulls in a patched starlette release.
- If a danswer release that bundles the fix is unavailable, pin starlette to a fixed version in the deployment manifest.
- Place the danswer application behind a reverse proxy or WAF configured to rate-limit /auth/saml/callback.
- Restrict network exposure of the SAML callback endpoint to trusted identity provider IP ranges where feasible.
Patch Information
The upstream fix is delivered through fastapi version 0.115.3, which depends on a patched starlette release above 0.49. Operators of danswer-ai/danswer 0.9.0 should update the dependency set and rebuild deployment images. See the Huntr Bounty Report for the disclosure record.
Workarounds
- Apply rate limiting at the ingress layer to cap requests per second to /auth/saml/callback per source IP.
- Set process-level memory limits using cgroups, container memory caps, or systemd MemoryMax to contain blast radius.
- Temporarily disable SAML authentication if it is not in use, removing the vulnerable route from the attack surface.
# Configuration example
# Upgrade the vulnerable dependencies
pip install --upgrade 'fastapi>=0.115.3' 'starlette>0.49'
# Verify installed versions
pip show fastapi starlette
# Example nginx rate limit for the SAML callback endpoint
# Add to the http {} block:
#     limit_req_zone $binary_remote_addr zone=saml:10m rate=5r/s;
# Add to the server {} block:
#     location /auth/saml/callback {
#         limit_req zone=saml burst=10 nodelay;
#         proxy_pass http://danswer_backend;
#     }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


