CVE-2025-45768: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-45768 affects pyjwt version 2.10.1 and earlier versions, which was discovered to contain weak encryption. The vulnerability was disclosed on July 31, 2025, and impacts the JSON Web Token (JWT) implementation in Python (NVD, GitHub Advisory).

The vulnerability stems from inadequate encryption strength in the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation. These key lengths do not meet recommended security standards as specified in RFC 7518, NIST SP800-117, and RFC 2437. The vulnerability is classified under CWE-311 (Missing Encryption of Sensitive Data) and has received a CVSS v3.1 base score of 7.0 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H (NVD, GitHub Advisory).

The weak encryption vulnerability can lead to potential security breaches affecting the confidentiality, integrity, and availability of systems using pyjwt. According to the CVSS metrics, the vulnerability has low impact on confidentiality and integrity but high impact on availability. The vulnerability is exploitable over the network, though it requires high attack complexity (Ubuntu Security).

Users are advised to upgrade to a version newer than v2.10.1 when available. The vulnerability is currently under evaluation for various Linux distributions including Ubuntu 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS (Ubuntu Security).