CVE-2025-43866
HIGHDescription
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is fixed in 4.11.0.
Is your site exposed to CVE-2025-43866?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| vantage6 | vantage6 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-43866? +
How severe is CVE-2025-43866? +
What products are affected by CVE-2025-43866? +
How do I check if I'm vulnerable to CVE-2025-43866? +
Related Vulnerabilities
AdGuard Home is a network-wide software for blocking ads and tracking. Prior to 0.107.75, AdGuard Home's client-triggered DoQ forwarding path …
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II version 1.17478.146 allows attackers in Wi-Fi range to …
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability …
Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform …
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files …
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass