CVE-2025-43866 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the use…
Low CVSS: 1.7

CVE-2025-43866

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
Vendor
Vantage6
Product
Vantage6
CWE
CWE-330
Yayın Tarihi
2025-06-12 18:15:20
Güncelleme
2025-09-17 18:44:19
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-330 Vantage6 LOW Vantage6 2025

Referanslar

https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh