jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 07 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
Title jsrsasign: jsrsasign Weak Encryption Vulnerability
References
Metrics threat_severity

None

threat_severity

Low


Thu, 07 Aug 2025 05:30:00 +0000

Type Values Removed Values Added
References

Thu, 07 Aug 2025 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-326
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H'}

cvssV3_1

{'score': 3.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N'}


Thu, 07 Aug 2025 04:30:00 +0000

Type Values Removed Values Added
Description jsrsasign v11.1.0 was discovered to contain weak encryption. jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
References

Wed, 06 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-327
Metrics cvssV3_1

{'score': 7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 06 Aug 2025 19:45:00 +0000

Type Values Removed Values Added
Description jsrsasign v11.1.0 was discovered to contain weak encryption.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-08-26T18:51:17.741Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-45764

cve-icon Vulnrichment

Updated: 2025-08-06T19:40:55.517Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-06T20:15:28.643

Modified: 2025-08-26T19:15:40.360

Link: CVE-2025-45764

cve-icon Redhat

Severity : Low

Publid Date: 2025-08-06T00:00:00Z

Links: CVE-2025-45764 - Bugzilla

cve-icon OpenCVE Enrichment

No data.