CVE-2025-45769

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

p

hp-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

References

Link	Resource
https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3	Third Party Advisory
https://github.com/advisories/GHSA-2x45-7fc3-mxwq
https://github.com/firebase	Product
https://github.com/firebase/php-jwt	Product
https://github.com/firebase/php-jwt/issues/620
https://github.com/firebase/php-jwt/pull/613
https://github.com/firebase/php-jwt/releases/tag/v7.0.0
https://github.com/github/advisory-database/pull/6954

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:firebase_php-jwt:*:*:*:*:*:*:*:*

History

18 Feb 2026, 22:16

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.3~~	v2 : unknown v3 : 6.5

18 Feb 2026, 17:21

Type	Values Removed	Values Added
References		() https://github.com/advisories/GHSA-2x45-7fc3-mxwq - () https://github.com/firebase/php-jwt/issues/620 - () https://github.com/firebase/php-jwt/pull/613 - () https://github.com/firebase/php-jwt/releases/tag/v7.0.0 - () https://github.com/github/advisory-database/pull/6954 -

17 Aug 2025, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-31 20:15

Updated : 2026-02-18 22:16

NVD link : CVE-2025-45769

Mitre link : CVE-2025-45769

CVE.ORG link : CVE-2025-45769

JSON object : View

Products Affected

firebase_php-jwt

CWE

CWE-326

Inadequate Encryption Strength

{"id": "CVE-2025-45769", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "[email protected]"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-07-31T20:15:33.150", "references": [{"url": "https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/advisories/GHSA-2x45-7fc3-mxwq", "source": "[email protected]"}, {"url": "https://github.com/firebase", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/firebase/php-jwt", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/firebase/php-jwt/issues/620", "source": "[email protected]"}, {"url": "https://github.com/firebase/php-jwt/pull/613", "source": "[email protected]"}, {"url": "https://github.com/firebase/php-jwt/releases/tag/v7.0.0", "source": "[email protected]"}, {"url": "https://github.com/github/advisory-database/pull/6954", "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record."}, {"lang": "es", "value": "Se descubri\u00f3 que php-jwt v6.11.0 conten\u00eda un cifrado d\u00e9bil."}], "lastModified": "2026-02-18T22:16:24.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:firebase_php-jwt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FEDA88B-58C2-46A2-AAB1-C179D4B6E63F", "versionEndIncluding": "6.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}