Description

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."

INFO

Published Date :

2025-08-07T00:00:00.000Z

Last Modified :

2025-08-12T14:10:04.108Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-45765 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-45765.

URL Resource
https://gist.github.com/ZupeiNie/c621253068ce5b64911629534879e8f9 cve-icon cve-icon cve-icon
https://github.com/jwt/ruby-jwt/issues/668 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-45765 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-45765 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact