CVE-2025-45765: Weak Encryption
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."
Frequently Asked Questions
What is the severity of CVE-2025-45765?
CVE-2025-45765 is classified as a moderate severity vulnerability because of weak encryption in ruby-jwt.
How do I fix CVE-2025-45765?
To fix CVE-2025-45765, update to a more recent version of the ruby-jwt gem that enforces stronger encryption practices.
What versions are affected by CVE-2025-45765?
CVE-2025-45765 affects ruby-jwt version 3.0.0.beta1 and potentially earlier versions that do not enforce stronger key sizes.
What impact does CVE-2025-45765 have on applications?
CVE-2025-45765 may expose applications to security risks related to weak encryption practices, making them vulnerable to attacks.
Is OpenSSL affected by CVE-2025-45765?
While OpenSSL itself is not directly affected, the enforcement of key size restrictions in more recent OpenSSL versions impacts ruby-jwt users.
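Because the supplier's note places key-size enforcement outside the library, an application can check key strength itself before a key reaches the gem. The following Ruby code is an added example, not code from ruby-jwt or from the CVE record; the names `check_jwt_key!` and `audit_jwt_keys` are hypothetical, and the minimum sizes are assumptions taken from RFC 7518, since the advisory names no thresholds.

```ruby
require "openssl"

# Floors below are assumptions taken from RFC 7518 (JWA) sections 3.2 and 3.3;
# the advisory itself names no thresholds.
MIN_RSA_BITS   = 2048
MIN_HMAC_BYTES = { "HS256" => 32, "HS384" => 48, "HS512" => 64 }.freeze

class WeakKeyError < StandardError; end

# Hypothetical guard (not part of ruby-jwt): call it on every key before the
# key is handed to the JWT library for signing or verification.
def check_jwt_key!(algorithm, key)
  case algorithm
  when *MIN_HMAC_BYTES.keys
    raise WeakKeyError, "#{algorithm} needs a String secret" unless key.is_a?(String)
    need = MIN_HMAC_BYTES.fetch(algorithm)
    have = key.bytesize
    raise WeakKeyError, "#{algorithm} secret is #{have} bytes, need >= #{need}" if have < need
  when /\A(?:RS|PS)(?:256|384|512)\z/
    raise WeakKeyError, "#{algorithm} needs an OpenSSL::PKey::RSA key" unless key.is_a?(OpenSSL::PKey::RSA)
    bits = key.n.num_bits # size of the RSA modulus
    raise WeakKeyError, "#{algorithm} key is #{bits} bits, need >= #{MIN_RSA_BITS}" if bits < MIN_RSA_BITS
  else
    # Fail closed: an algorithm this guard has no rule for is rejected.
    raise WeakKeyError, "no key-strength rule for #{algorithm.inspect}"
  end
  true
end

# Audit configured keys; returns { name => "ok" or the rejection reason }.
def audit_jwt_keys(configured)
  configured.to_h do |name, (alg, key)|
    check_jwt_key!(alg, key)
    [name, "ok"]
  rescue WeakKeyError => e
    [name, e.message]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample configuration, for illustration only.
  sample = {
    "session" => ["HS256", "secret"],
    "api"     => ["HS256", OpenSSL::Random.random_bytes(32)],
    "legacy"  => ["RS256", OpenSSL::PKey::RSA.new(1024)],
  }
  audit_jwt_keys(sample).each { |name, result| puts "#{name}: #{result}" }
end
```

Elliptic-curve algorithms are deliberately left without a rule here, so the guard rejects them until one is added.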