CVE-2025-68925
MEDIUM5.3EPSS 0.02%Jervis Has a JWT Algorithm Confusion Vulnerability
Description
### Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L244-L249 The code doesn't validate that the JWT header specifies `"alg":"RS256"`. ### Impact Depending on the broader system, this could allow JWT forgery. Internally this severity is low since JWT is only intended to interface with GitHub. External users should consider severity moderate. ### Patches Jervis patch will explicitly verify the algorithm in the header matches expectations and further verify the JWT structure. Upgrade to Jervis 2.2. ### Workarounds External users should consider using an alternate JWT library or upgrade. ### References - [RFC 7518: JSON Web Algorithms](https://datatracker.ietf.org/doc/html/rfc7518)
Affected packages (1)
- Maven/net.gleske:jervisfrom 0, < 2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-68925
- PATCHhttps://github.com/samrocketman/jervis
- WEBhttp://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
- WEBhttps://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L244-L249
- WEBhttps://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
- WEBhttps://github.com/samrocketman/jervis/security/advisories/GHSA-5pq9-5mpr-jj85