What is the CVSS score of CVE-2025-43903?

CVE-2025-43903 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Jwt Attack are affected by CVE-2025-43903?

Organizations using Poppler should be aware of moderate risk from CVE-2025-43903, a signature bypass vulnerability rated CVSS 4.3. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-43903?

Within 30 days: Identify affected systems running Poppler and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Jwt Attack CVE-2025-43903

MEDIUM

Improper Verification of Cryptographic Signature (CWE-347)

2025-04-18 cve@mitre.org

Information Disclosure Red Hat Jwt Attack Poppler Suse

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:37 vuln.today

Patch released

Mar 28, 2026 - 18:37 nvd

Patch available

CVE Published

Apr 18, 2025 - 21:15 nvd

MEDIUM 4.3

DescriptionNVD

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries.

AnalysisAI

NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-347. NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. Affected products include: Freedesktop Poppler. Version information: before 25.04.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.