Updated advisory posts against rubysec/ruby-advisory-db@43149b5

jasnow · RubySec CI · commit c6cc612f1ea1 · 2025-08-08T17:27:08.000Z
diff --git a/advisories/_posts/2025-08-07-CVE-2025-54887.md b/advisories/_posts/2025-08-07-CVE-2025-54887.md
@@ -0,0 +1,54 @@
+---
+layout: advisory
+title: 'CVE-2025-54887 (jwe): JWE is missing AES-GCM authentication tag validation
+  in encrypted JWE'
+comments: false
+categories:
+- jwe
+advisory:
+  gem: jwe
+  cve: 2025-54887
+  ghsa: c7p4-hx26-pr73
+  url: https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
+  title: JWE is missing AES-GCM authentication tag validation in encrypted JWE
+  date: 2025-08-07
+  description: |
+    ### Overview
+
+    The authentication tag of encrypted JWEs can be brute forced,
+    which may result in loss of confidentiality for those JWEs and
+    provide ways to craft arbitrary JWEs.
+
+    ### Impact
+
+    - JWEs can be modified to decrypt to an arbitrary value
+    - JWEs can be decrypted by observing parsing differences
+    - The GCM internal
+      [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode)
+      can be recovered
+
+    ### Am I Affected?
+
+    You are affected by this vulnerability even if you do not
+    use an `AES-GCM` encryption algorithm for your JWEs.
+
+    ### Patches
+
+    The version 1.1.1 fixes the issue by adding the tag length check for the `AES-GCM` algorithm.
+
+    **Important:** As the [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode)
+    could have leaked, you must rotate the encryption keys after
+    upgrading to version 1.1.1.
+
+    ### References
+
+    [Félix Charette talk at NorthSec 2025 about the issue](https://www.youtube.com/watch?v=9IT659uUXfs&t=15830s)
+  cvss_v3: 9.1
+  patched_versions:
+  - ">= 1.1.1"
+  related:
+    url:
+    - https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
+    - https://github.com/jwt/ruby-jwe/releases/tag/v1.1.1
+    - https://github.com/advisories/GHSA-c7p4-hx26-pr73
+---
