High severity7.1NVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2025-14261

Description

The Litmus platform uses JWT for authentication and authorization, but the secret being used for signing the JWT is only 6 bytes long at its core, which makes it extremely easy to crack.

Affected products

Litmuschaos/Litmusreferences

Patches

b93ebfd0492b

https://github.com/litmuschaos/litmusvia osv

PR #5324

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/litmuschaos/litmus/pull/5324nvd
research.jfrog.com/vulnerabilities/litmus-jwt-missing-entropy-elevation-jfsa-2025-001648159/nvd

News mentions

No linked articles in our index yet.

cvss	0.461
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000