CVE-2025-43866

Vulnerability Description

vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.

Vulnerability Details

Published Date

June 12, 2025

Last Modified

September 17, 2025

Source

NVD

CVE-2025-43866

Vulnerability Description

Vulnerability Details

Discussion (0)

Add Comment