CVE-2025-45769
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-31
Last updated on: 2026-02-18
Assigner: MITRE
Description
Description
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| firebase_php-jwt | to 6.11.0 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in php-jwt v6.11.0 is due to weak encryption, which means the cryptographic methods used to secure data are not strong enough, potentially allowing attackers to compromise the security of the system.
How can this vulnerability impact me? :
This vulnerability can impact you by exposing sensitive data to unauthorized access or manipulation, undermining the integrity and confidentiality of information protected by php-jwt.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70