Is vantage6-server affected by CVE-2025-43866?

PyPI vantage6-server is affected in <4.11.0.

Is CVE-2025-43866 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

low

CVE-2025-43866

Q: Is CVE-2025-43866 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

PyPI · vantage6-server

Summary

Vantage6 Server JWT secret not cryptographically secure

Severity: low
EPSS: 0.3% (p25)
Also known as: GHSA-m3mq-f375-5vgh, PYSEC-2025-221
Published: 2025-06-12

References

https://github.com/vantage6/vantage6/security/advisories/GHSA-m3mq-f375-5vgh
https://nvd.nist.gov/vuln/detail/CVE-2025-43866
https://github.com/vantage6/vantage6/commit/e39a262faf1cd4c554bf1b8e57eeea082da995c0

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.