CVE-2025-45769

Sažetak

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

Reference

https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3
https://github.com/advisories/GHSA-2x45-7fc3-mxwq
https://github.com/firebase
https://github.com/firebase/php-jwt
https://github.com/firebase/php-jwt/issues/620
https://github.com/firebase/php-jwt/pull/613
https://github.com/firebase/php-jwt/releases/tag/v7.0.0
https://github.com/github/advisory-database/pull/6954

CVSS

Base:	6.5
Impact:	2.5
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Zadnje važnije ažuriranje

18-02-2026 - 22:16

Objavljeno

31-07-2025 - 20:15