CVE-2025-4577031.07.2025, 20:15jwt v5.4.3 was discovered to contain weak encryption.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7 HIGHNETWORKHIGHNONECVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HmitreCNA------CISA-ADPADP7 HIGHNETWORKHIGHNONECVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:HAwaiting analysisThis vulnerability is currently awaiting analysis.Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownDebian ReleasesDebian ProductCodenamephp-lcobucci-jwttrixievulnerablesidvulnerableCommon Weakness EnumerationCWE-326 - Inadequate Encryption StrengthThe software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.Referenceshttps://gist.github.com/ZupeiNie/cd88c827eef11a1618f8baacccd240fbhttps://github.com/lcobuccihttps://github.com/lcobucci/jwt
