CVE-2025-45765
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-08-12
Assigner: MITRE
Description
Description
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ruby-jwt | ruby-jwt | 3.0.0.beta1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in ruby-jwt v3.0.0.beta1 is due to weak encryption. The library does not enforce key size requirements, which can lead to the use of insufficiently strong cryptographic keys. This weakness can compromise the security of data protected by this library.
How can this vulnerability impact me? :
This vulnerability can impact you by weakening the security of encrypted data handled by ruby-jwt. If weak keys are used, attackers may be able to break the encryption more easily, potentially leading to unauthorized access or data breaches.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70