CVE-2025-43866
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-43866
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-43866.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-43866
- Aliases
- Published
- 2025-06-12T18:04:57.649Z
- Modified
- 2025-12-02T20:00:01.456433Z
- Severity
-
- 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Vantage6 Server JWT secret not cryptographically secure
- Details
-
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-330" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/43xxx/CVE-2025-43866.json" }- References
Affected packages
Git / github.com/vantage6/vantage6
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vantage6/vantage6
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.0.0
v3.*
v3.4.0
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0a6
v3.4.1
v3.4.1a0
v3.4.1a1
v3.4.1a2
v3.4.1a3
v3.4.2
v3.4.2a0
v3.4.3
v3.5.0
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.2
v3.6.1
v3.6.1rc1
v3.6.1rc2
v3.6.1rc3
v3.7.0
v3.7.0rc1
v3.7.0rc2
v3.7.1
v3.7.2
v3.7.3
v3.8.0
v3.8.0rc2
v3.8.0rc3
v3.8.1
v3.8.2
v3.8.2rc1
version/0.*
version/0.0.0
version/0.0.0b3
version/3.*
version/3.10.0
version/3.10.0rc1
version/3.10.1
version/3.10.2
version/3.10.3
version/3.10.4
version/3.11.0
version/3.11.0rc1
version/3.11.0rc2
version/3.11.0rc3
version/3.11.1
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/3.3.7
version/3.3.8a1
version/3.3.8a2
version/3.3.8a3
version/3.3.8a4
version/3.3.8a5
version/3.3.8a6
version/3.3.8a7
version/3.3.8a8
version/3.3.8a9
version/3.4.0
version/3.4.0a0
version/3.4.0a1
version/3.4.0a2
version/3.4.0a3
version/3.4.0a4
version/3.4.0a5
version/3.4.0a6
version/3.4.1
version/3.4.1a0
version/3.4.1a1
version/3.4.1a2
version/3.4.1a3
version/3.4.2
version/3.4.2a0
version/3.4.3
version/3.5.0
version/3.5.0rc1
version/3.5.0rc2
version/3.5.0rc3
version/3.5.1
version/3.5.2
version/3.6.1
version/3.6.1rc1
version/3.6.1rc2
version/3.6.1rc3
version/3.7.0
version/3.7.0rc1
version/3.7.0rc2
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0
version/3.8.0rc1
version/3.8.0rc2
version/3.8.0rc3
version/3.8.1
version/3.8.2
version/3.8.2rc1
version/3.8.3
version/3.8.4
version/3.8.5
version/3.8.6
version/3.8.7
version/3.8.7rc1
version/3.8.8
version/3.8.8rc1
version/3.8.8rc2
version/3.8.8rc3
version/3.9.0
version/3.9.0rc1
version/3.9.0rc2
version/3.9.0rc3
version/3.9.0rc4
version/4.*
version/4.0.0
version/4.0.0a1
version/4.0.0a10
version/4.0.0a2
version/4.0.0a3
version/4.0.0a4
version/4.0.0a5
version/4.0.0a6
version/4.0.0a7
version/4.0.0a8
version/4.0.0a9
version/4.0.1
version/4.0.1rc1
version/4.0.1rc2
version/4.0.2
version/4.0.3
version/4.1.0
version/4.1.0b0
version/4.1.0b1
version/4.1.0rc0
version/4.1.1
version/4.1.2
version/4.1.2rc1
version/4.1.3
version/4.10.0
version/4.10.0rc1
version/4.10.0rc2
version/4.10.0rc3
version/4.10.0rc4
version/4.10.1
version/4.10.1rc1
version/4.10.2
version/4.11.0rc1
version/4.11.0rc2
version/4.11.0rc3
version/4.11.0rc4
version/4.2.0
version/4.2.0rc1
version/4.2.0rc2
version/4.2.1
version/4.2.2
version/4.2.3
version/4.3.0
version/4.3.0b1
version/4.3.0b2
version/4.3.0b3
version/4.3.0b4
version/4.3.0b5
version/4.3.0b6
version/4.3.0rc1
version/4.3.0rc2
version/4.3.1
version/4.3.2
version/4.3.2rc1
version/4.3.2rc2
version/4.3.3
version/4.3.4
version/4.3.4rc1
version/4.3.4rc2
version/4.3.4rc3
version/4.4.0
version/4.4.0a1
version/4.4.0rc1
version/4.4.0rc2
version/4.4.0rc3
version/4.4.1
version/4.5.0
version/4.5.0rc1
version/4.5.0rc2
version/4.5.0rc3
version/4.5.1
version/4.5.2
version/4.5.3
version/4.5.4
version/4.5.5
version/4.6.0
version/4.6.0rc1
version/4.6.0rc2
version/4.6.0rc3
version/4.6.0rc4
version/4.6.0rc5
version/4.6.0rc6
version/4.6.0rc7
version/4.6.1
version/4.7.0
version/4.7.0rc1
version/4.7.0rc2
version/4.7.1
version/4.7.1rc1
version/4.8.0
version/4.8.0rc1
version/4.8.0rc2
version/4.8.0rc3
version/4.8.1
version/4.8.2
version/4.9.0
version/4.9.0rc1
version/4.9.1