We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-54887

jwe: Missing AES-GCM authentication tag validation in encrypted JWEs



Description

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.

Reserved 2025-07-31 | Published 2025-08-08 | Updated 2025-08-08 | Assigner GitHub_M


CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-354: Improper Validation of Integrity Check Value

Product status

< 1.1.1
affected

References

github.com/...by-jwe/security/advisories/GHSA-c7p4-hx26-pr73

github.com/...ommit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1

cve.org (CVE-2025-54887)

nvd.nist.gov (CVE-2025-54887)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-54887

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.