CVE-2025-45769
PUBLISHED
CVSS 6.5 MEDIUM
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
Risk Scores
- CVSS v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
- EPSS Score: 0.05% (15.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| firebase | php-jwt | 0 |
| | firebase_php-jwt | 0 |
| n/a | n/a | n/a |
Timeline
- Jul 30, 2025 PoC Published
- Jul 31, 2025 CVE Published
- Jul 31, 2025 Coalition ESS Score
- Aug 1, 2025 EPSS Score
- Aug 1, 2025 Coalition ESS Score
- Aug 2, 2025 Coalition ESS Score
- Aug 3, 2025 Coalition ESS Score
- Aug 4, 2025 Coalition ESS Score
- Aug 5, 2025 Coalition ESS Score
- Aug 6, 2025 Coalition ESS Score
- Aug 8, 2025 Coalition ESS Score
- Aug 10, 2025 EPSS Score
References
- https://github.com/firebase/php-jwt
- https://github.com/firebase
- https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3
- https://github.com/firebase/php-jwt/issues/620
- https://github.com/github/advisory-database/pull/6954
- https://github.com/advisories/GHSA-2x45-7fc3-mxwq
- https://github.com/firebase/php-jwt/releases/tag/v7.0.0
- https://github.com/firebase/php-jwt/pull/613
- https://nvd.nist.gov/vuln/detail/CVE-2025-45769 (advisory)
- https://github.com/firebase/php-jwt/issues/611
- https://github.com/firebase/php-jwt/issues/618
- https://github.com/firebase/php-jwt/commit/6b80341bf57838ea2d011487917337901cd71576