CVE-2025-45769
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/firebase/php-jwt
- https://github.com/firebase
- https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3
- https://github.com/firebase/php-jwt/issues/620
- https://github.com/github/advisory-database/pull/6954
- https://github.com/advisories/GHSA-2x45-7fc3-mxwq
- https://github.com/firebase/php-jwt/releases/tag/v7.0.0
- https://github.com/firebase/php-jwt/pull/613
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.