ByteOS Network

NVD Vulnerability Details :

CVE-2025-45769

Modified

Source-cve@mitre.org

Published At-31 Jul, 2025 | 20:15

Updated At-18 Feb, 2026 | 22:16

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CPE Matches

Google LLC

>>firebase_php-jwt>>Versions up to 6.11.0(inclusive)

cpe:2.3:a:google:firebase_php-jwt:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-326	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-326

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3	cve@mitre.org	Third Party Advisory
https://github.com/advisories/GHSA-2x45-7fc3-mxwq	cve@mitre.org	N/A
https://github.com/firebase	cve@mitre.org	Product
https://github.com/firebase/php-jwt	cve@mitre.org	Product
https://github.com/firebase/php-jwt/issues/620	cve@mitre.org	N/A
https://github.com/firebase/php-jwt/pull/613	cve@mitre.org	N/A
https://github.com/firebase/php-jwt/releases/tag/v7.0.0	cve@mitre.org	N/A
https://github.com/github/advisory-database/pull/6954	cve@mitre.org	N/A