CVE-2025-63811 — Vulnetix

CVE-2025-63811 PUBLISHED CVSS 7.5 HIGH

jose2go is vulnerable to a JWT bomb attack through its decode function

EPSS 0.03% · 8.1th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.03%

8.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
dvsekhvalnov	jose2go	1.5.0
github.com	dvsekhvalnov/jose2go	0

Timeline

Nov 12, 2025 CVE Published
Nov 13, 2025 EPSS Score
Nov 14, 2025 CVE Updated
Nov 18, 2025 EPSS Score
Nov 23, 2025 EPSS Score
Nov 28, 2025 EPSS Score
Dec 3, 2025 EPSS Score
Dec 9, 2025 EPSS Score
Dec 14, 2025 EPSS Score
Dec 19, 2025 EPSS Score
Dec 24, 2025 EPSS Score
Dec 29, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›