CVE-2025-45769: php-jwt contains weak encryption
(updated )
php-jwt v6.11.0 was discovered to contain weak encryption.
References
- gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3
- github.com/advisories/GHSA-2x45-7fc3-mxwq
- github.com/firebase/php-jwt
- github.com/firebase/php-jwt/commit/6b80341bf57838ea2d011487917337901cd71576
- github.com/firebase/php-jwt/issues/611
- github.com/firebase/php-jwt/issues/618
- github.com/firebase/php-jwt/pull/613
- github.com/firebase/php-jwt/releases/tag/v7.0.0
- nvd.nist.gov/vuln/detail/CVE-2025-45769
Code Behaviors & Features
Detect and mitigate CVE-2025-45769 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →