High severity7.0NVD Advisory· Published Jul 31, 2025· Updated Jun 17, 2026
CVE-2025-45768
CVE-2025-45768
Description
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- pyjwt/pyjwtdescription
- osv-coords10 versionspkg:apk/chainguard/py3.10-pyjwtpkg:apk/chainguard/py3.11-pyjwtpkg:apk/chainguard/py3.12-pyjwtpkg:apk/chainguard/py3.13-pyjwtpkg:apk/chainguard/py3-pyjwtpkg:apk/wolfi/py3.10-pyjwtpkg:apk/wolfi/py3.11-pyjwtpkg:apk/wolfi/py3.12-pyjwtpkg:apk/wolfi/py3.13-pyjwtpkg:apk/wolfi/py3-pyjwt
< 0+ 9 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
1- gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569nvdIssue Tracking
News mentions
0No linked articles in our index yet.