CNNVD-202506-1696 Information

CNNVD ID

CNNVD-202506-1696

CVE-2025-43866

  • CNNVD Published: 2025-06-12

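Description (translated from Chinese)

vantage6 is an open-source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange, developed by vantage6. Versions of vantage6 before 4.11.0 contain a security features vulnerability: the JWT key is generated automatically in an insecure way, which may allow the key to be predicted.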

Description (English)

vantage6 is an open-source infrastructure for privacy-preserving federated learning and secure insight exchange. Versions of vantage6 before 4.11.0 have a security feature vulnerability that stems from insecure automatic generation of the JWT key, which may allow the key to be predicted.

Hazard Level

High

Vulnerability Type

Security features issue

Affected Vendor

vantage6

Published

2025-06-12

Last Modified

2026-02-24

References

  • https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh
  • https://access.redhat.com/security/cve/cve-2025-43866
  • https://nvd.nist.gov/vuln/detail/CVE-2025-43866

Patch

https://github.com/vantage6/vantage6/releases
