1. Nimbus JOSE+JWT Library Exposed to DoS via Deeply Nested JSON in JWT Claims (CVE-2025-53864)
A critical vulnerability in the widely used Connect2id Nimbus JOSE+JWT library exposes systems to denial-of-service attacks through a simple, maliciously crafted JWT. The flaw, tracked as CVE-2025-53864, resides in the library's failure to enforce depth limits on nested JSON objects within JWT claim sets. An attacker c...
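As an added example (not code from the page or from the Nimbus library), here is a Python pre-parse depth gate of the kind the page says the library lacked: it measures the claim set's nesting depth with a single linear scan before any recursive JSON parser sees the payload and rejects tokens beyond an assumed limit of 64 levels. The token builder, the limit value and the sample tokens are constructed for illustration.

```python
import base64
import json

# Assumed limit for claim-set nesting; the page itself names no value.
MAX_JSON_DEPTH = 64


def json_nesting_depth(text: str) -> int:
    """Max object/array nesting depth of a JSON text, found by one linear
    scan that skips string literals, so no recursive parser runs first."""
    depth = max_depth = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "{[":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "}]":
            depth -= 1
    return max_depth


def parse_claims_with_depth_limit(token: str, limit: int = MAX_JSON_DEPTH) -> dict:
    """Decode a compact JWT's claim set, refusing over-nested payloads.
    Signature checking is out of scope; this is only the pre-parse gate."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)).decode()
    depth = json_nesting_depth(payload)
    if depth > limit:
        raise ValueError(f"claim set nesting depth {depth} exceeds limit {limit}")
    return json.loads(payload)


def make_unsigned_token(claims_json: str) -> str:
    """Constructed helper: wrap a raw claim-set string as an alg=none JWT."""
    def b64(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return b64(b'{"alg":"none"}') + "." + b64(claims_json.encode()) + "."


# Constructed samples: a normal claim set and one nested far past the limit.
NORMAL_TOKEN = make_unsigned_token('{"sub":"alice","roles":{"admin":false}}')
DEEP_TOKEN = make_unsigned_token('{"a":' + "[" * 500 + "]" * 500 + "}")
```

The scan is O(n) in the payload size and allocates nothing, so the gate itself cannot become the resource sink that the recursive parser would be.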