SB2025090915 - Use of a broken or risky cryptographic algorithm in jose
Published: September 9, 2025
Security Bulletin ID
SB2025090915
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2025-45767)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to weak encryption. A remote attacker can gain unauthorized access to sensitive information on the system, potentially leading to a significant impact on data confidentiality.
Remediation
Install update from vendor's website.
References
- https://gist.github.com/ZupeiNie/705a606fbb99f3bb8c9b51e5bc13c91d
- https://gist.github.com/ZupeiNie/705a606fbb99f3bb8c9b51e5bc13c91d?permalink_comment_id=5711572#gistcomment-5711572
- https://github.com/panva
- https://github.com/panva/jose
- https://github.com/panva/jose/blob/1e36dd29e76511e06737e5d5d500d81e01a9c3d2/src/lib/check_key_length.ts#L6-L7
- https://github.com/panva/jose/discussions/813