CVE-2025-68701
Insecure AES IV Derivation in Jervis Library Allows Cryptographic Weakness
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samrocketman | jervis | < 2.2 (2.2 itself excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
| CWE-340 | The product uses a scheme that generates numbers or identifiers that are more predictable than required. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-68701 is a vulnerability in Jervis library versions prior to 2.2: the AES-256 encryption implementation derives the initialization vector (IV) deterministically from the passphrase, so every encryption under the same passphrase uses the same IV, and identical plaintexts encrypted with the same passphrase produce identical ciphertexts. This IV reuse weakens the encryption by letting an attacker perform pattern analysis on the ciphertexts. The vulnerability is fixed in version 2.2 by generating a random IV for each encryption operation and prepending it to the ciphertext, eliminating IV reuse. [1]
How can this vulnerability impact me?
This vulnerability can significantly weaken the security of encrypted data by allowing attackers to detect patterns in ciphertexts when the same passphrase and plaintext are used. This can lead to potential exposure of sensitive information or facilitate cryptanalysis attacks. While the risk is lower if the vulnerable methods are used only internally within the library, it is rated high if consumers use these encryption methods directly. Upgrading to Jervis version 2.2 mitigates this risk by using random IVs. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying usage of Jervis versions prior to 2.2 that employ deterministic AES IV derivation from a passphrase in their encryption routines. Specifically, inspecting the `SecurityIO.groovy` file for the `encryptWithAES256` method that derives the IV as the first 16 bytes of the lowercase SHA-256 hash of the passphrase indicates the vulnerable implementation. There are no specific network detection commands provided, but you can check the version of Jervis installed and review the encryption code or logs for repeated identical ciphertext outputs for identical plaintext and passphrase inputs, which suggests IV reuse. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Jervis to version 2.2 or later, where the vulnerability is fixed by generating a random IV (nonce) for each encryption operation and prepending it to the ciphertext, eliminating IV reuse. No other workarounds are provided. Additionally, ensure that RSA keys used are at least 2048 bits, preferably 4096 bits, and migrate to the updated AES-256-GCM encryption scheme introduced in version 2.2 for improved security. [1, 2]
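To make the weakness and the fix described above concrete, here is an added Go model (not Jervis code, and not copied from the advisory). It assumes the key is SHA-256 of the passphrase and that the pre-2.2 path used AES-CBC with PKCS#7 padding; the advisory specifies neither, only that the IV was the first 16 bytes of the lowercase SHA-256 of the passphrase, and that 2.2 moved to AES-256-GCM with a random nonce prepended to the ciphertext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"io"
)

// key32: assumption for this example only; plain SHA-256 stands in for a real password KDF.
func key32(p string) []byte { k := sha256.Sum256([]byte(p)); return k[:] }

// EncryptWeak models the pre-2.2 pattern described above (modelled on the advisory text,
// not Jervis code): IV = first 16 bytes of the lowercase hex SHA-256 of the passphrase.
func EncryptWeak(passphrase string, plaintext []byte) []byte {
	sum := sha256.Sum256([]byte(passphrase))
	iv := []byte(hex.EncodeToString(sum[:])[:aes.BlockSize]) // identical on every call
	block, _ := aes.NewCipher(key32(passphrase))             // 32-byte key never errors
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize      // PKCS#7 padding
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(padded, padded) // encrypt in place
	return padded
}

func newGCM(passphrase string) cipher.AEAD {
	block, _ := aes.NewCipher(key32(passphrase))
	gcm, _ := cipher.NewGCM(block) // standard 12-byte nonce, 16-byte tag
	return gcm
}

// EncryptFixed mirrors the 2.2 fix: AES-256-GCM with a fresh random nonce on
// every call, prepended to the ciphertext so DecryptFixed can recover it.
func EncryptFixed(passphrase string, plaintext []byte) ([]byte, error) {
	gcm, nonce := newGCM(passphrase), make([]byte, 12)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptFixed splits off the nonce; GCM's tag check fails closed on tampering.
func DecryptFixed(passphrase string, ct []byte) ([]byte, error) {
	if gcm, n := newGCM(passphrase), 12; len(ct) >= n {
		return gcm.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, io.ErrUnexpectedEOF
}
```

Encrypting the same input twice with EncryptWeak yields byte-identical output, and two plaintexts sharing a first block share their first ciphertext block; EncryptFixed never repeats and DecryptFixed rejects a wrong passphrase or a truncated message.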
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability weakens the encryption scheme by reusing deterministic IVs, which can lead to pattern analysis and compromise of encrypted data confidentiality. This reduction in encryption strength could negatively impact compliance with standards and regulations such as GDPR and HIPAA that require strong data protection measures. Upgrading to Jervis version 2.2, which uses random IVs and stronger encryption methods, mitigates this risk and helps maintain compliance. [1]