CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
vantage6 is an open-source infrastructure for privacy-preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
Analysis
vantage6 servers auto-generate JWT secret keys using UUID1, a predictable algorithm that lacks cryptographic strength, allowing attackers to forge authentication tokens and gain unauthorized access to the privacy-preserving analysis platform. This affects all vantage6 versions prior to 4.11.0 where users have not manually defined a strong JWT secret. The vulnerability has a CVSS score of 7.5 with high confidentiality impact, as attackers can impersonate legitimate users without needing privileges or user interaction.
Technical Context
The vulnerability stems from CWE-330 (Use of Insufficiently Random Values), a fundamental cryptographic weakness. vantage6 uses JWT (JSON Web Tokens) for authentication, but the default key generation relies on UUID1 (the time- and MAC-address-based UUID variant defined in RFC 4122) rather than cryptographically secure random generation. UUID1 is deterministic and predictable given knowledge of the timestamp and MAC address, making it unsuitable for cryptographic purposes such as JWT signing. An attacker who can predict or brute-force the UUID1 value can generate valid JWTs, bypassing authentication entirely. The affected component is the vantage6 server's JWT initialization module, which generates the key at startup unless it is explicitly overridden in the user configuration.
Affected Products
vantage6 server versions prior to 4.11.0 (all releases from inception through 4.10.x) are affected when JWT secret keys are auto-generated using the default UUID1 mechanism. Specifically: vantage6 4.0.0 through 4.10.x. Affected installations are those where administrators have not explicitly configured a strong, cryptographically random JWT_SECRET environment variable or configuration parameter. The vulnerability does not affect installations where users have manually defined JWT secrets using secure random values. vantage6 4.11.0 and later versions include secure JWT key generation and are not vulnerable.
Remediation
Immediate actions: (1) Upgrade vantage6 to version 4.11.0 or later, which implements cryptographically secure random JWT key generation. (2) For systems unable to immediately upgrade, manually set the JWT_SECRET configuration parameter to a strong, cryptographically random value (minimum 256 bits of entropy, generated using tools like `openssl rand -base64 32`). (3) Rotate all existing JWT tokens and revoke any long-lived tokens issued prior to remediation. (4) Review server logs for suspicious authentication patterns or unauthorized token usage. (5) Consider implementing token expiration policies and rate limiting on token validation endpoints. Organizations should prioritize patching vantage6 instances handling sensitive research or healthcare data within 48-72 hours.
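As an added example (not part of this advisory or of the vantage6 code base), the following Python audit helper decodes a configured JWT_SECRET to show why the UUID1 default is weak (its RFC 4122 fields, timestamp and MAC-derived node, can be read straight back out of the value) and produces a 256-bit replacement as recommended in step (2) above. `audit_jwt_secret`, `generate_jwt_secret` and the sample UUID are assumptions of this example, not names from the project.

```python
import re
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# RFC 4122 version-1 layout: 60-bit timestamp in 100 ns ticks since
# 1582-10-15, 14-bit clock sequence, 48-bit node (normally the host MAC).
UUID1_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
MIN_SECRET_BYTES = 32  # 256 bits, the floor given in the remediation

# Constructed sample: the RFC 4122 DNS namespace UUID, a well-known v1 value.
SAMPLE_UUID1_SECRET = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"


def audit_jwt_secret(secret: str) -> dict:
    """Classify a configured JWT_SECRET value (hypothetical helper)."""
    if not UUID_RE.match(secret):
        # Operator-supplied string: judge it only by its length in bytes.
        weak = len(secret.encode()) < MIN_SECRET_BYTES
        return {"weak": weak, "kind": "string", "reason": "opaque string"}
    u = uuid.UUID(secret)
    if u.version != 1:
        # A random UUID (v4) carries at most 122 random bits, below the 256-bit floor.
        return {"weak": True, "kind": "uuid", "reason": "UUIDv%d below 256 bits" % u.version}
    # v1 is built from the clock and the host MAC rather than from random bits:
    # the creation time and the node are recoverable from the value itself.
    generated_at = UUID1_EPOCH + timedelta(microseconds=u.time // 10)
    return {
        "weak": True,
        "kind": "uuid1",
        "reason": "UUID1 default: timestamp and MAC-derived node, not random",
        "generated_at": generated_at.isoformat(),
        "node": "%012x" % u.node,
    }


def generate_jwt_secret() -> str:
    """256 bits from the OS CSPRNG, equivalent in strength to `openssl rand -base64 32`."""
    return secrets.token_urlsafe(MIN_SECRET_BYTES)


if __name__ == "__main__":
    print(audit_jwt_secret(SAMPLE_UUID1_SECRET))
    print(audit_jwt_secret(generate_jwt_secret()))
```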
EUVD-2025-18201
GHSA-m3mq-f375-5vgh