CVE-2022-25898

7.7 HIGH
Published: July 01, 2022 Modified: June 22, 2026

Description

Versions of the package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature that contains special characters outside the Base64URL encoding, or number-escaped characters, may be mistakenly validated as valid. Workaround: check that the JWS or JWT is a Base64URL and dot safe string before calling the JWS.verify() or JWS.verifyJWT() method.
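
The workaround above, as an added example (not code from jsrsasign or from the advisory): a strict format check to run before a token reaches the library's verifier. The function names and the `verifyFn` callback, which stands in for a call to JWS.verify() or JWS.verifyJWT() with your key and accepted algorithms, are assumptions; the sample tokens are constructed.

```javascript
// Added example: reject any compact JWS/JWT that is not strictly
// "base64url.base64url.base64url" before signature verification runs.
// All names below are hypothetical helpers, not part of jsrsasign.

const B64URL_RE = /^[A-Za-z0-9_-]+$/; // unpadded Base64URL alphabet only

// True when s is a non-empty, unpadded Base64URL string.
function isBase64UrlSegment(s) {
  if (typeof s !== "string" || !B64URL_RE.test(s)) return false;
  // An unpadded Base64URL string can never have length % 4 === 1.
  return s.length % 4 !== 1;
}

// True when token has exactly three dot-separated Base64URL segments.
// Assumption: header, payload and signature must all be non-empty.
function isWellFormedCompactJws(token) {
  if (typeof token !== "string") return false;
  const parts = token.split(".");
  return parts.length === 3 && parts.every(isBase64UrlSegment);
}

// Fail closed: verifyFn is only called for well-formed input, and only
// a literal `true` from it counts as a valid signature.
function verifyGuarded(token, verifyFn) {
  if (!isWellFormedCompactJws(token)) return false;
  return verifyFn(token) === true;
}

// Constructed sample: three syntactically valid segments (not a real signature).
const GOOD = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJlLWJ5dGVz";

// Constructed malformed variants of the kind the description names.
const MALFORMED = [
  GOOD + "!",    // special character outside the alphabet
  GOOD + "\\11", // number-escaped character
  GOOD + "=",    // padding is not part of compact serialization
  GOOD + "\n",   // trailing whitespace
  GOOD + "A",    // alphabet is fine, length is impossible
];

// Returns the malformed samples that the pre-check would let through.
function acceptedMalformed() {
  return MALFORMED.filter(isWellFormedCompactJws);
}

console.log("well-formed sample accepted:", isWellFormedCompactJws(GOOD));
console.log("malformed samples accepted:", acceptedMalformed().length);
```

The check is a stopgap for deployments that cannot upgrade yet; the fix itself is in release 10.5.25.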

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
Source: report@snyk.io
Release Notes Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
Source: report@snyk.io
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
Source: report@snyk.io
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
Source: report@snyk.io
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
Source: report@snyk.io
Exploit Patch Third Party Advisory
https://github.com/kjur/jsrsasign/commit/4536a6e9e8bcf1a644ab7c07ed96e453347dae41
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://github.com/kjur/jsrsasign/releases/tag/10.5.25
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2935898
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-2935897
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2935896
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSRSASIGN-2869122
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Patch Third Party Advisory

12 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.7 / 10.0
EPSS (Exploit Probability)
1.1%
61st percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

kjur