GHSA-c7p4-hx26-pr73
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c7p4-hx26-pr73
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-c7p4-hx26-pr73/GHSA-c7p4-hx26-pr73.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-c7p4-hx26-pr73
- Aliases
- Published
- 2025-08-07T20:55:35Z
- Modified
- 2025-08-08T19:34:05.436273Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- JWE is missing AES-GCM authentication tag validation in encrypted JWE
- Details
-
Overview
The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs.
Impact
- JWEs can be modified to decrypt to an arbitrary value
- JWEs can be decrypted by observing parsing differences
- The GCM internal GHASH key can be recovered
Am I Affected?
You are affected by this vulnerability even if you do not use an
AES-GCMencryption algorithm for your JWEs.Patches
The version 1.1.1 fixes the issue by adding the tag length check for the
AES-GCMalgorithm.Important: As the GHASH key could have leaked, you must rotate the encryption keys after upgrading to version 1.1.1.
References
- Database specific
{ "nvd_published_at": "2025-08-08T01:15:25Z", "github_reviewed": true, "github_reviewed_at": "2025-08-07T20:55:35Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-354" ] }- References
-
- https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
- https://nvd.nist.gov/vuln/detail/CVE-2025-54887
- https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1
- https://github.com/jwt/ruby-jwe
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jwe/CVE-2025-54887.yml
Affected packages
RubyGems / jwe
Package
- Name
- jwe
- Purl
- pkg:gem/jwe