CVE-2025-43866

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 4.11.0

Description The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue affects the privacy-preserving analysis functionality of the vantage6 infrastructure.

Recommendations For versions prior to 4.11.0, update to version 4.11.0 to resolve the issue. As a temporary workaround, consider defining a custom JWT secret key to minimize the risk of exploitation.