CVE Alert: CVE-2024-48916

July 31, 2025
image 1

Vulnerability Summary: CVE-2024-48916

Ceph is a distributed object, block, and file storage platform. In versions 19.2.3 and below, it is possible to send an JWT that has “none” as JWT alg. And by doing so the JWT signature is not checked. The vulnerability is most likely in the RadosGW OIDC provider. As of time of publication, a known patched version has yet to be published.

Affected Endpoints:

No affected endpoints listed.

Published Date:

7/30/2025, 8:15:33 PM

🔥 CVSS Score:

CVSS v3 Score: 8.1 (High)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

CVE Alert: CVE-2025-37109

August 1, 2025
image

CVE Alert: CVE-2025-45770

August 1, 2025
image

CVE Alert: CVE-2025-37110

August 1, 2025
image

CVE Alert: CVE-2025-37108

August 1, 2025
image

CVE Alert: CVE-2025-45769

August 1, 2025