CVE-2025-45769

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-45769

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45769.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-45769

Aliases

GHSA-2x45-7fc3-mxwq

Related

CGA-m6mf-96qf-fjhg

Published

2025-07-31T20:15:33.150Z

Modified

2026-04-10T05:27:12.789127Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

References

Affected packages

Git / github.com/firebase/php-jwt

Affected ranges

Type

GIT

Repo

https://github.com/firebase/php-jwt

Events

Introduced

Last affected

8f718f4dfc9c5d5f0c994cdfd103921b43592712

Fixed

c03036fd5dbd530a95406ca3b5f6d7b24eaa3910

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.11.0"
        }
    ]
}

Affected versions

v0.*

v0.0.0

v1.*

v1.0.0

v2.*

v2.0.0

v2.1.0

v2.2.0

v3.*

v3.0.0

v4.*

v4.0.0

v5.*

v5.0.0

v5.1.0

v5.2.0

v5.2.1

v5.3.0

v5.4.0

v5.5.0

v5.5.1

v6.*

v6.0.0

v6.1.0

v6.1.1

v6.1.2

v6.10.0

v6.10.1

v6.10.2

v6.11.0

v6.11.1

v6.2.0

v6.3.0

v6.3.1

v6.3.2

v6.4.0

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.8.1

v6.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45769.json"