CNNVD-202507-1613 Information
CNNVD ID
CNNVD-202507-1613
Related CVE
- CNNVD Published: 2025-07-11
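Description (Chinese, translated)
Connect2id Nimbus JOSE + JWT is a Java library from Connect2id. Connect2id Nimbus JOSE + JWT versions before 10.0.2 contain a security vulnerability that stems from improper handling of nested JSON objects and may lead to a denial-of-service attack.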
Description (English)
Connect2id Nimbus JOSE + JWT is a Java library by Connect2id. Versions of Connect2id Nimbus JOSE + JWT earlier than 10.0.2 have a security vulnerability caused by improper handling of JSON object nesting, which could lead to a denial-of-service attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Connected IO
Published
2025-07-11
Last Modified
2026-02-24
References
https://github.com/google/gson/compare/gson-parent-2.11.0…gson-parent-2.12.0
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch
https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c
https://www.oracle.com/security-alerts/cpuoct2025.html
https://www.oracle.com/security-alerts/cpujan2026.html
Patch
https://connect2id.com/products/nimbus-jose-jwt/download