Vulnerability Details CVE-2025-3757
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.0%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-3757
-
cpe:2.3:a:openpubkey:openpubkey:0.1.0
-
cpe:2.3:a:openpubkey:openpubkey:0.2.0
-
cpe:2.3:a:openpubkey:openpubkey:0.2.1
-
cpe:2.3:a:openpubkey:openpubkey:0.3.0
-
cpe:2.3:a:openpubkey:openpubkey:0.4.0
-
cpe:2.3:a:openpubkey:openpubkey:0.5.0
-
cpe:2.3:a:openpubkey:openpubkey:0.5.1
-
cpe:2.3:a:openpubkey:openpubkey:0.5.2
-
cpe:2.3:a:openpubkey:openpubkey:0.6.0
-
cpe:2.3:a:openpubkey:openpubkey:0.7.0
-
cpe:2.3:a:openpubkey:openpubkey:0.7.1
-
cpe:2.3:a:openpubkey:openpubkey:0.7.2
-
cpe:2.3:a:openpubkey:openpubkey:0.7.3
-
cpe:2.3:a:openpubkey:openpubkey:0.8.0
-
cpe:2.3:a:openpubkey:openpubkey:0.9.0