CVE-2025-54887CRITICAL 9.1EPSS p13.8%

CVE-2025-54887CVE-2025-54887

Description

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.23% probability of exploitation · percentile 13.8% · 2026-06-19T12:03:05Z
Published2025-08-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-354

References

  1. https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1
  2. https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73

1

TypeTargetConfidenceTier
WeaknessImproper Validation of Integrity Check Valuecwe-3540%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-45765
CVE
CVE-2025-3757
CVE
CVE-2026-48526
CVE
CVE-2026-33210
CVE
CVE-2025-3177
CVE
CVE-2025-11290
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.