jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.
References
Configurations
No configuration.
History
No history.
Information
Published : 2025-08-06 20:15
Updated : 2025-08-26 19:15
NVD link : CVE-2025-45764
Mitre link : CVE-2025-45764
CVE.ORG link : CVE-2025-45764
JSON object : View
Products Affected
No product.
CWE
CWE-326
Inadequate Encryption Strength