{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45764", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-08-26T18:51:17.741Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2025-08-06T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "jsrsasign", "vendor": "jsrsasign project", "versions": [{"status": "affected", "version": "11.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-07T04:15:54.319Z"}, "references": [{"url": "https://gist.github.com/ZupeiNie/2250cf1758771d56272dc326ce066202"}, {"url": "https://github.com/kjur/jsrsasign/issues/634"}], "tags": ["disputed"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.1.0", "versionEndIncluding": "11.1.0"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-06T19:40:39.638189Z", "id": "CVE-2025-45764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T18:51:17.741Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-45764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-06T19:40:39.638189Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-06T19:40:55.517Z"}}], "cna": {"tags": ["disputed"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.2, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"}}], "affected": [{"vendor": "jsrsasign project", "product": "jsrsasign", "versions": [{"status": "affected", "version": "11.1.0", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://gist.github.com/ZupeiNie/2250cf1758771d56272dc326ce066202"}, {"url": "https://github.com/kjur/jsrsasign/issues/634"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-326", "description": "CWE-326 Inadequate Encryption Strength"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jsrsasign_project:jsrsasign:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "11.1.0", "versionStartIncluding": "11.1.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-08-07T04:15:54.319Z"}}}, "cveMetadata": {"cveId": "CVE-2025-45764", "state": "PUBLISHED", "dateUpdated": "2025-08-26T18:51:17.741Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-08-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record."}, {"lang": "es", "value": "Se descubri\u00f3 que jsrsasign v11.1.0 conten\u00eda un cifrado d\u00e9bil. NOTA: Este problema ha sido cuestionado por un tercero que considera que los ID de CVE pueden asignarse a longitudes de clave en aplicaciones espec\u00edficas que usan una librer\u00eda, y no deber\u00edan asignarse a las longitudes de clave predeterminadas de una librer\u00eda. Esta disputa est\u00e1 sujeta a revisi\u00f3n seg\u00fan las reglas 4.1.4 y 4.1.14 de la CNA, entre otras; el etiquetado de la disputa no pretende recomendar una soluci\u00f3n para este registro de CVE."}], "id": "CVE-2025-45764", "lastModified": "2025-08-26T19:15:40.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-08-06T20:15:28.643", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/ZupeiNie/2250cf1758771d56272dc326ce066202"}, {"source": "cve@mitre.org", "url": "https://github.com/kjur/jsrsasign/issues/634"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "jsrsasign: jsrsasign Weak Encryption Vulnerability", "id": "2386919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386919"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.2", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-327", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-45764", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "mtv-candidate/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2025-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-45764\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-45764\nhttps://gist.github.com/ZupeiNie/2250cf1758771d56272dc326ce066202\nhttps://github.com/kjur/jsrsasign"], "threat_severity": "Low"}