9.1
CRITICAL CVSS 3.1
CVE-2025-54887
jwe JSON Web Encryption Authentication Tag Brute Force Vulnerability
Description

jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.

INFO

Published Date :

Aug. 8, 2025, 1:15 a.m.

Last Modified :

Aug. 8, 2025, 8:30 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-54887 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
Public PoC/Exploit Available at Github

CVE-2025-54887 has a 3 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-54887.

URL Resource
https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1
https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-54887 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-54887 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
Wizard079/CVE-2025-54887_POC

this is a poc for the CVE-2025-54887

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 13, 2025, 1:21 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
shinigami-777/PoC_CVE-2025-54887

Proof of Concept for CVE-2025-54887

Ruby

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 12, 2025, 3:22 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 8 hours, 8 minutes ago
7204 stars 1199 fork 1199 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 808 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-54887 vulnerability anywhere in the article.

  • CybersecurityNews
AI Systems Can Generate Working Exploits for Published CVEs in 10-15 Minutes

Artificial intelligence systems can automatically generate functional exploits for newly published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit. Th ... Read more

Published Date: Aug 22, 2025 (16 hours, 28 minutes ago)
  • Daily CyberSecurity
Critical JWE Ruby Flaw (CVE-2025-54887) Bypasses AES-GCM Authentication, Exposing Encrypted Data

A severe security vulnerability has been uncovered in the Ruby implementation of JSON Web Encryption (JWE), tracked as CVE-2025-54887, carrying a CVSS score of 9.1. The flaw stems from missing authent ... Read more

Published Date: Aug 08, 2025 (2 weeks ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-54887 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Aug. 08, 2025

    Action Type Old Value New Value
    Added Description jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk because JWEs can be modified to decrypt to an arbitrary value, decrypted by observing parsing differences and the GCM internal GHASH key can be recovered. Users are affected by this vulnerability even if they do not use an AES-GCM encryption algorithm for their JWEs. As the GHASH key may have been leaked, users must rotate the encryption keys after upgrading. This issue is fixed in version 1.1.1.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    Added CWE CWE-354
    Added Reference https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1
    Added Reference https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.1
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact