CVE-2025-45769 | THREATINT

Description

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

PUBLISHED Reserved 2025-04-22 | Published 2025-07-31 | Updated 2026-02-18 | Assigner mitre

References

github.com/firebase/php-jwt

github.com/firebase

gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3

github.com/firebase/php-jwt/issues/620

github.com/github/advisory-database/pull/6954

github.com/advisories/GHSA-2x45-7fc3-mxwq

github.com/firebase/php-jwt/releases/tag/v7.0.0

github.com/firebase/php-jwt/pull/613

cve.org (CVE-2025-45769)

nvd.nist.gov (CVE-2025-45769)

Download JSON