CVE-2025-45770
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-31
Last updated on: 2025-08-17
Assigner: MITRE
Description
Description
jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jwt_project | jwt | to 5.4.3 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in jwt v5.4.3 is due to weak encryption, which means the cryptographic protection used to secure data is insufficient and could be compromised.
How can this vulnerability impact me? :
This vulnerability could allow attackers to decrypt or tamper with data protected by jwt v5.4.3, potentially leading to unauthorized access or data breaches.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70