Detections
Analytics

CVE-2025-13470

high

Description

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality. The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected. Root cause: Vulnerable session key buffer used in PKESK packet generation. The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization logic inside `encrypted_build_skesk()` only randomized the key for the SKESK path and omitted it for the PKESK path.

References

https://packages.gentoo.org/packages/dev-util/librnp

https://open.ribose.com/advisories/ra-2025-11-20/

https://launchpad.net/ubuntu/+source/rnp

https://github.com/rnpgp/rnp/releases/tag/v0.18.1

https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a

https://bugzilla.redhat.com/show_bug.cgi?id=2415863

https://aur.archlinux.org/packages/rnp

https://access.redhat.com/security/cve/cve-2025-13402

Details

Source: Mitre, NVD

Published: 2025-11-21

Updated: 2025-11-25

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.0002