CVE-2025-54887: 
Ruby vulnerability analysis and mitigation

CVE-2025-54887 affects the Ruby implementation of JSON Web Encryption (JWE) standard (RFC 7516) in versions 1.1.0 and below. The vulnerability was discovered and disclosed on August 7, 2025, impacting the JWE Ruby package which has seen over 7.2 million downloads. The flaw received a Critical CVSS score of 9.1, stemming from missing authentication tag validation in the AES-GCM encryption process (NVD, Security Online).

The vulnerability stems from improper validation of integrity check values (CWE-354) in the AES-GCM authentication process. The flaw allows authentication tags of encrypted JWEs to be brute forced due to missing tag length validation. The issue affects all deployments using the package, regardless of whether AES-GCM is the chosen encryption algorithm for the JWE. The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (Critical) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N, indicating network accessibility, low attack complexity, and no required privileges or user interaction (GitHub Advisory).

The vulnerability can lead to multiple severe security impacts: loss of confidentiality for encrypted JWEs, ability to craft arbitrary JWEs, unauthorized decryption of JWEs through parsing differences exploitation, and potential recovery of the GCM internal GHASH key. The compromise extends to all deployments, even those not actively using AES-GCM encryption algorithms (Security Online, GitHub Advisory).

The vulnerability has been patched in version 1.1.1 of the JWE Ruby package, which implements proper authentication tag length checks for the AES-GCM algorithm. Due to the potential compromise of the GHASH key, users must rotate all encryption keys after upgrading to version 1.1.1 (GitHub Advisory, Security Online).