CNNVD-202507-3950 Information

CNNVD ID

CNNVD-202507-3950

Related CVE

CVE-2025-45769

• CNNVD Published: 2025-07-31

Description (Chinese)

PHP-JWT是Firebase开源的一个简单的库，用于在 PHP 中编码和解码 JSON Web 令牌 (JWT)，符合RFC 7519。 PHP-JWT v6.11.0版本存在安全漏洞，该漏洞源于弱加密。

Description (English)

PHP-JWT is a simple library of Firebase open sources for coding and decodering in PHP JSON Web tokens (JWT), which corresponds to RFC 7519. Version PHP-JWT v61.1.0 contains a security loophole that originates from weak encryption.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Firebase

Published

2025-07-31

Last Modified

2026-02-24

References

https://github.com/firebase https://github.com/firebase/php-jwt https://gist.github.com/ZupeiNie/83756316c4c24fe97a50176a92608db3 https://access.redhat.com/security/cve/cve-2025-45769

Patch

https://github.com/firebase/php-jwt/releases