Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 23 Sep 2025 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. | Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. |
References | |
Sat, 12 Jul 2025 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT | |
References | | |
Metrics | threat_severity | threat_severity |
Fri, 11 Jul 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | epss |
Fri, 11 Jul 2025 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. | |
Weaknesses | CWE-674 | |
References | | |
Metrics | cvssV3_1 |

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-23T18:38:15.547Z
Reserved: 2025-07-11T00:00:00.000Z
Link: CVE-2025-53864

Updated: 2025-07-11T13:28:27.431Z

Status : Awaiting Analysis
Published: 2025-07-11T03:16:03.563
Modified: 2025-09-23T19:15:39.810
Link: CVE-2025-53864


Updated: 2025-07-13T11:06:13Z