
CVE-2025-43866


Date: June 12, 2025
vantage6 is an open-source infrastructure for privacy-preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure because it is predictable to some extent. This vulnerability is fixed in 4.11.0.
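An added example, not vantage6 code: a check that flags a configured JWT secret shaped like a time-based UUID1, shows the timestamp and node fields it encodes, and generates a replacement from the OS CSPRNG. The function names and the assumption that the secret is stored as a canonical 36-character UUID string are ours.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# UUID1 timestamps count 100 ns ticks from the start of the Gregorian calendar.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def audit_jwt_secret(secret: str) -> dict:
    """Report whether a JWT secret is a time-based UUID (hypothetical helper)."""
    # Only the canonical hyphenated form is checked, so a random 32-character
    # hex secret is not misread as a UUID.
    if len(secret) != 36:
        return {"time_based": False, "reason": "not a canonical UUID string"}
    try:
        parsed = uuid.UUID(secret)
    except ValueError:
        return {"time_based": False, "reason": "not a UUID"}
    if parsed.variant != uuid.RFC_4122 or parsed.version != 1:
        return {"time_based": False,
                "reason": f"UUID version {parsed.version}, not time-based"}
    # A UUID1 is built from a timestamp, a clock sequence and a node id,
    # all of which can be read straight back out of the value.
    created = GREGORIAN_EPOCH + timedelta(microseconds=parsed.time // 10)
    return {
        "time_based": True,
        "reason": "UUID1: derived from creation time and node id (CWE-330)",
        "created_utc": created,
        "node": f"{parsed.node:012x}",
        "clock_seq": parsed.clock_seq,
    }


def new_jwt_secret(nbytes: int = 32) -> str:
    """Return a secret drawn from the operating system's CSPRNG."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    # Constructed sample: a UUID1 with a made-up node id and clock sequence.
    sample = str(uuid.uuid1(node=0x001122334455, clock_seq=0x1234))
    print(sample, audit_jwt_secret(sample))
    fresh = new_jwt_secret()
    print(fresh, audit_jwt_secret(fresh))
```

The check only identifies the UUID1 shape; a secret that passes it is not thereby proven strong.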
Weakness Type (CWE)
Use of Insufficiently Random Values (CWE-330)
Top Fix

Upgrade Version
Upgrade to version vantage6-server - 4.11.0; https://github.com/vantage6/vantage6.git - version/4.11.0
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |