CVE-2025-4576931.07.2025, 20:15php-jwt v6.11.0 was discovered to contain weak encryption.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.3 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LmitreCNA------CISA-ADPADP7.3 HIGHNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownCommon Weakness EnumerationCWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Referenceshttps://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3https://github.com/firebasehttps://github.com/firebase/php-jwt