JWT Signing Vulnerability in Litmus Platform by Litmus
CVE-2025-14261

7.1HIGH

Key Information:

Vendor: Litmuschaos
Status: Litmus
Vendor: CVE Published:; 8 December 2025

🔔 Create Litmuschaos Vulnerability Alert

What is CVE-2025-14261?

The Litmus platform has a significant vulnerability in its implementation of JSON Web Tokens (JWT) for authentication and authorization. The core issue arises from the use of a signing secret that is merely 6 bytes long, rendering it highly susceptible to cracking attempts. This weakness can potentially allow attackers to exploit the authentication process, gaining unauthorized access to the system and compromising sensitive data.

Affected Version(s)

litmus 0 < 3.23.0

References

https://research.jfrog.com/vulnerabilities/litmus-jwt-mis...

third-party-advisory

https://github.com/litmuschaos/litmus/pull/5324

patch

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Dec 8, 2025

JSON