CVE-2025-45768

HIGH7.0EPSS 0.16%

Published: 7/31/2025Modified: 5/21/2026

Description

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

Affected packages (2)

Debian/pyjwtfrom 0
PyPI/pyjwtfrom 0, <= 2.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

References (4)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-45768
PATCHhttps://github.com/jpadilla/pyjwt
REPORThttps://gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569
WEBhttps://github.com/jpadilla