Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-53864
Awaiting Analysis
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-11 Jul, 2025 | 03:16
Updated At-23 Sep, 2025 | 19:15

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-674Secondarycve@mitre.org
CWE ID: CWE-674
Type: Secondary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861ccve@mitre.org
N/A
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nestedcve@mitre.org
N/A
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branchcve@mitre.org
N/A
https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6bcve@mitre.org
N/A
https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0cve@mitre.org
N/A
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0Changes found
Details not found