CVE-2025-45768

High CVSS 7.0

Overview

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

CWE: CWE-311 Published: 2025-07-31T21:15:27.320

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.0 (HIGH)
Detected tags: crypto (tag impact: MODERATE)

Recommended actions:

Drop weak ciphers/protocols; prefer modern, safe defaults.

Overview

Recommended tools

Tags