CVE-2025-68925: Jervis Has a JWT Algorithm Confusion Vulnerability
Depending on the broader system this component is used in, the flaw could allow JWT forgery.
Internally the severity is rated low, because Jervis uses JWTs only to interface with GitHub. External users should treat the severity as moderate.
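The following is an added illustration of the JWT algorithm-confusion class this advisory names. It is not Jervis code and does not show how SecurityIO.groovy was patched (the linked commit is the authority for that); it uses only the Python standard library, a constructed HMAC key and constructed claims, and sets a verifier that lets the token header choose the algorithm beside one that pins the algorithm the application expects.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample key and claims for the demo; not values from the Jervis project.
SAMPLE_KEY = b"constructed-example-hmac-key-not-a-real-secret"
SAMPLE_CLAIMS = {"iss": "example-app", "sub": "build-bot", "scope": "read"}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWS. alg="none" produces an unsigned token, used below only
    to show what a verifier must reject."""
    header = {"alg": alg, "typ": "JWT"}
    parts = [
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(parts).encode("ascii")
    sig = _hs256(signing_input, key) if alg == "HS256" else b""
    return ".".join(parts + [_b64url_encode(sig)])


def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    return header, signing_input, parts[1], _b64url_decode(parts[2])


def verify_header_driven(token: str, key: bytes):
    """Vulnerable pattern: the attacker-controlled header selects how the
    signature is checked, so a header claiming "none" bypasses the HMAC entirely."""
    header, signing_input, payload_b64, sig = _split(token)
    alg = header.get("alg")
    if alg == "HS256":
        if not hmac.compare_digest(_hs256(signing_input, key), sig):
            return None
    elif alg == "none":
        pass  # the defect: no signature is required
    else:
        return None
    return json.loads(_b64url_decode(payload_b64))


def verify_pinned(token: str, key: bytes, expected_alg: str = "HS256"):
    """Hardened pattern: the application, not the token, fixes the algorithm.
    Any header that disagrees is rejected before the signature is examined."""
    if expected_alg != "HS256":
        raise ValueError("this example implements HS256 only")
    header, signing_input, payload_b64, sig = _split(token)
    if header.get("alg") != expected_alg:
        return None
    if not hmac.compare_digest(_hs256(signing_input, key), sig):
        return None
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    good = make_token(SAMPLE_CLAIMS, SAMPLE_KEY)
    unsigned = make_token({"sub": "build-bot", "scope": "admin"}, b"", alg="none")
    print("pinned verifier, signed token:   ", verify_pinned(good, SAMPLE_KEY))
    print("header-driven, unsigned token:   ", verify_header_driven(unsigned, SAMPLE_KEY))
    print("pinned verifier, unsigned token: ", verify_pinned(unsigned, SAMPLE_KEY))
```

The difference that matters for detection and review is where the algorithm choice lives: in `verify_header_driven` it is read from the untrusted token, in `verify_pinned` it is a parameter the caller controls. When auditing a JWT verification routine, look for the header's `alg` (or `kid`) flowing into the choice of verification routine or key.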
References
- github.com/advisories/GHSA-5pq9-5mpr-jj85
- github.com/samrocketman/jervis
- github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy
- github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a
- github.com/samrocketman/jervis/security/advisories/GHSA-5pq9-5mpr-jj85
- nvd.nist.gov/vuln/detail/CVE-2025-68925