Critical severity9.1NVD Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-45765

Description

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/ZupeiNie/c621253068ce5b64911629534879e8f9nvd
github.com/jwt/ruby-jwt/issues/668nvd

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000