CVE-2025-43866
Published: Jun 12, 2025
Modified: Jun 13, 2025
PUBLISHED
Description
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
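An added audit example (not vantage6 code and not part of the advisory): it checks whether a configured JWT secret string is a version-1 UUID and decodes the generation time, clock sequence and node that such a key exposes, next to a replacement drawn from the OS CSPRNG. The function names are assumptions made for illustration.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# UUID timestamps count 100-ns intervals from the start of the Gregorian calendar.
_GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def decode_uuid1_secret(secret: str):
    """Return the non-secret fields of a UUID1 key, or None if it is not a UUID1.

    Hypothetical helper for auditing a deployed secret; not a vantage6 API.
    """
    try:
        u = uuid.UUID(secret)
    except ValueError:
        return None  # not UUID-shaped at all
    if u.version != 1:
        return None
    return {
        # 60-bit timestamp: the moment the key was generated.
        "created": _GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10),
        # 14-bit clock sequence: the only part not derived from time or host.
        "clock_seq": u.clock_seq,
        # 48-bit node: usually the generating host's MAC address.
        "node": f"{u.node:012x}",
    }


def new_jwt_secret() -> str:
    """Replacement secret: 256 bits from the operating system's CSPRNG."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    constructed = str(uuid.uuid1())  # constructed sample, generated locally
    print(decode_uuid1_secret(constructed))
    print(new_jwt_secret())
```

A non-`None` result means the signing key is a UUID1 and should be replaced; tokens signed with the old key stop verifying once it is rotated.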
| Vendor | Product | Versions |
|---|---|---|
| vantage6 | vantage6 | affected < 4.11 |
Weaknesses (CWE)
References
https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh
x_refsource_CONFIRM