CVE-2025-45765
Essential information
- Published
- 07/08/2025 21:15
- Modified
- 07/08/2025 21:26
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
NVD status
- Status
- Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| ruby / jwt | cpe:2.3:a:ruby:jwt:3.0.0.beta1:*:*:*:*:*:*:* |