jwt
CVE-2025-30144: fast-jwt Improper Issuer Claim Validation Vulnerability
Executive Summary CVE-2025-30144 describes a critical vulnerability within the fast-jwt Node.js library, a popular package used for fast JSON Web Token (JWT) implementation. Versions prior to 5.0.6 are affected. The vulnerability stems from an improper validation of the iss (issuer) claim, as defined in RFC 7519. Specifically,