Weak Encryption in pyjwt v2.10.1 from Vendor jpadilla
CVE-2025-45768

7 HIGH

Key Information:

Vendor: jpadilla

Status
Vendor
CVE Published: 31 July 2025

What is CVE-2025-45768?

pyjwt v2.10.1 contains a vulnerability that allows weak encryption to be used, which could compromise the security of tokens generated with this library. The weakness may expose sensitive information and undermine the integrity of authentication in applications that rely on this library for JSON Web Tokens (JWT). Immediate action is recommended to mitigate the risks associated with this weakness.

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
