CVE-2025-45769

MEDIUM 6.5

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

Vendor	n/a
Product	n/a
Published	Jul 31, 2025
Last Updated	Feb 18, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/firebase/php-jwt github.com: https://github.com/firebase gist.github.com: https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3 github.com: https://github.com/firebase/php-jwt/issues/620 github.com: https://github.com/github/advisory-database/pull/6954 github.com: https://github.com/advisories/GHSA-2x45-7fc3-mxwq github.com: https://github.com/firebase/php-jwt/releases/tag/v7.0.0 github.com: https://github.com/firebase/php-jwt/pull/613