CVE-2025-43866

Published 12/06/2025 18:15 · Modified 12/06/2025 18:15

Labels: CVE-2025-43866, 2025-06-12, CWE-330, [email protected]

Essential information

Published: 12/06/2025 18:15
Modified: 12/06/2025 18:15
Author:
Creator:
CVSS: 1.7 LOW (v3), 1.7 LOW (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: vantage6 / vantage6
CPE: cpe:2.3:a:vantage6:vantage6:4.11.0:*:*:*:*:*:*:*
