CVE-2025-54887: JWE is missing AES-GCM authentication tag validation in encrypted JWE
- JWEs can be modified to decrypt to an arbitrary value
- JWEs can be decrypted by observing parsing differences
- The GCM internal GHASH key can be recovered
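The three impacts above all follow from decrypting AES-GCM content without checking its authentication tag. As an added illustration (not code from the affected gem or from the advisory), the following Ruby builds and decrypts the content layer of a compact JWE (`alg: dir`, `enc: A256GCM`) the way RFC 7516 requires: the base64url protected header is the AAD, the tag must be full length, and `final` is allowed to raise so a tampered or truncated token yields nil instead of plaintext. `CEK`, the function names and the sample header are constructed for this example.

```ruby
require 'openssl'
require 'base64'

# Constructed content-encryption key for the demonstration; not real key material.
CEK = OpenSSL::Digest::SHA256.digest('constructed demo CEK')
TAG_LEN = 16 # A256GCM uses a 128-bit tag

def b64url(bin)
  Base64.urlsafe_encode64(bin, padding: false)
end

def unb64url(str)
  Base64.urlsafe_decode64(str)
end

# Produce the five compact-serialization segments; the encrypted-key segment
# is empty because alg "dir" uses the CEK directly.
def jwe_encrypt(cek, header_json, plaintext)
  protected_b64 = b64url(header_json)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = cek
  iv = c.random_iv                     # 96-bit IV, fresh per token
  c.auth_data = protected_b64          # JWE AAD = ASCII(BASE64URL(protected header))
  ct = c.update(plaintext) + c.final
  [protected_b64, '', b64url(iv), b64url(ct), b64url(c.auth_tag)].join('.')
end

# Decrypt and enforce the tag. Returns plaintext, or nil if the token is
# malformed or fails authentication.
def jwe_decrypt(cek, token)
  parts = token.split('.', 5)
  return nil unless parts.size == 5
  protected_b64, _enc_key_b64, iv_b64, ct_b64, tag_b64 = parts
  tag = unb64url(tag_b64)
  # Ruby's OpenSSL binding accepts shorter tags and compares only those bytes,
  # so the length check must be explicit.
  return nil unless tag.bytesize == TAG_LEN
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = cek
  c.iv = unb64url(iv_b64)
  c.auth_tag = tag                     # must be set before final
  c.auth_data = protected_b64          # header is authenticated, not encrypted
  c.update(unb64url(ct_b64)) + c.final # final raises CipherError on tag mismatch
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end
```

Any change to the header, IV, ciphertext or tag makes `jwe_decrypt` return nil, which is the behaviour the vulnerable code path lacked.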