CVE-2025-45769

6.5 MEDIUM

Published: July 31, 2025 Modified: February 18, 2026

Description

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3

Source: cve@mitre.org

Third Party Advisory

https://github.com/advisories/GHSA-2x45-7fc3-mxwq

Source: cve@mitre.org

https://github.com/firebase

Source: cve@mitre.org

Product

https://github.com/firebase/php-jwt

Source: cve@mitre.org

Product

https://github.com/firebase/php-jwt/issues/620

Source: cve@mitre.org

https://github.com/firebase/php-jwt/pull/613

Source: cve@mitre.org

https://github.com/firebase/php-jwt/releases/tag/v7.0.0

Source: cve@mitre.org

https://github.com/github/advisory-database/pull/6954

Source: cve@mitre.org

8 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.5 / 10.0

EPSS (Exploit Probability)

0.0%

1th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-326

Affected Vendors

google

Related CVEs

CVE-2026-4867 7.5

CVE-2026-3116 4.9

CVE-2026-3115 4.3

CVE-2026-3114 6.5

CVE-2026-3113 5.0