Brute Force Vulnerability in Ruby JSON Web Encryption Implementation by JWT
CVE-2025-54887

9.1CRITICAL

Key Information:

Vendor: Jwt
Status: Ruby-jwe
Vendor: CVE Published:; 8 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-54887?

The jwe library, which implements the JSON Web Encryption standard for Ruby, has a vulnerability in versions 1.1.0 and earlier that allows an attacker to brute force authentication tags of encrypted JSON Web Encryptions (JWEs). This vulnerability threatens the confidentiality of sensitive data contained in JWEs, enabling attackers to manipulate or craft arbitrary JWEs. Even users not employing the AES-GCM encryption algorithm are at risk due to potential exposure of the GCM internal GHASH key. It is essential for users to rotate their encryption keys following an upgrade to version 1.1.1, where this issue has been resolved.

Affected Version(s)

ruby-jwe < 1.1.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

PoC_CVE-2025-54887
Created by shinigami-777

References

https://github.com/jwt/ruby-jwe/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa...

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 13, 2025
👾
Exploit known to exist
Aug 13, 2025
Vulnerability published
Aug 8, 2025
Vulnerability Reserved
Jul 31, 2025

JSON

Jwt

Badges

What is CVE-2025-54887?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline