CVE-2025-45765

CVSS 9.1 CRITICALEPSS 0.2%CWE-326

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

07 Aug 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/ZupeiNie/c621253068ce5b64911629534879e8f9 https://github.com/jwt/ruby-jwt/issues/668