Vulnerability Details CVE-2025-45768
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.4%
CVSS Severity
CVSS v3 Score 7.0
References
Products affected by CVE-2025-45768
-
cpe:2.3:a:pyjwt_project:pyjwt:2.10.1