{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47934", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-14T10:32:43.529Z", "datePublished": "2025-05-19T18:57:05.602Z", "dateUpdated": "2025-05-20T13:02:58.605Z"}, "containers": {"cna": {"title": "OpenPGP.js's message signature verification can be spoofed", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"}, {"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"}, {"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"}, {"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"}, {"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"}], "affected": [{"vendor": "openpgpjs", "product": "openpgpjs", "versions": [{"version": ">= 5.0.1, < 5.11.3", "status": "affected"}, {"version": ">= 6.0.0-alpha.0, < 6.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T18:57:05.602Z"}, "descriptions": [{"lang": "en", "value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."}], "source": {"advisory": "GHSA-8qff-qr5q-5pr8", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T13:02:53.093390Z", "id": "CVE-2025-47934", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:02:58.605Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47934", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-05-14T10:32:43.529Z", "datePublished": "2025-05-19T18:57:05.602Z", "dateUpdated": "2025-05-20T13:02:58.605Z"}, "containers": {"cna": {"title": "OpenPGP.js's message signature verification can be spoofed", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"}, {"name": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"}, {"name": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"}, {"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"}, {"name": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"}], "affected": [{"vendor": "openpgpjs", "product": "openpgpjs", "versions": [{"version": ">= 5.0.1, < 5.11.3", "status": "affected"}, {"version": ">= 6.0.0-alpha.0, < 6.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-05-19T18:57:05.602Z"}, "descriptions": [{"lang": "en", "value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."}], "source": {"advisory": "GHSA-8qff-qr5q-5pr8", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-20T13:02:53.093390Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T13:02:55.837Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline (non-detached) signed messages (using `openpgp.verify`) and signed-and-encrypted messages (using `openpgp.decrypt` with `verificationKeys`) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js. In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature. The issue has been patched in versions 5.11.3 and 6.1.1. Some workarounds are available. When verifying inline-signed messages, extract the message and signature(s) from the message returned by `openpgp.readMessage`, and verify the(/each) signature as a detached signature by passing the signature and a new message containing only the data (created using `openpgp.createMessage`) to `openpgp.verify`. When decrypting and verifying signed+encrypted messages, decrypt and verify the message in two steps, by first calling `openpgp.decrypt` without `verificationKeys`, and then passing the returned signature(s) and a new message containing the decrypted data (created using `openpgp.createMessage`) to `openpgp.verify`."}, {"lang": "es", "value": "OpenPGP.js es una implementaci\u00f3n en JavaScript del protocolo OpenPGP. A partir de la versi\u00f3n 5.0.1 y anteriores a las versiones 5.11.3 y 6.1.1, se puede pasar un mensaje modificado maliciosamente a `openpgp.verify` o `openpgp.decrypt`, lo que provoca que estas funciones devuelvan un resultado de verificaci\u00f3n de firma v\u00e1lido, pero que devuelvan datos no firmados. Esta falla permite falsificar las verificaciones de firma de mensajes firmados en l\u00ednea (no separados) (mediante `openpgp.verify`) y de mensajes firmados y cifrados (mediante `openpgp.decrypt` con `verificationKeys`), ya que ambas funciones devuelven datos extra\u00eddos que podr\u00edan no coincidir con los datos firmados originalmente. Las verificaciones de firma separadas no se ven afectadas, ya que en ese caso no se devuelven datos firmados. Para falsificar un mensaje, el atacante necesita una \u00fanica firma de mensaje v\u00e1lida (en l\u00ednea o separada), as\u00ed como los datos de texto plano firmados leg\u00edtimamente. Posteriormente, puede construir un mensaje firmado en l\u00ednea o firmado y cifrado con cualquier dato que elija, que aparecer\u00e1 como firmado leg\u00edtimamente en las versiones afectadas de OpenPGP.js. En otras palabras, cualquier mensaje firmado en l\u00ednea puede modificarse para que devuelva cualquier otro dato (sin dejar de indicar que la firma era v\u00e1lida). Lo mismo ocurre con los mensajes firmados y cifrados si el atacante puede obtener una firma v\u00e1lida y cifrar un nuevo mensaje (a elecci\u00f3n del atacante) junto con esa firma. El problema se ha corregido en las versiones 5.11.3 y 6.1.1. Existen algunas workarounds. Al verificar mensajes firmados en l\u00ednea, extraiga el mensaje y las firmas del mensaje devuelto por `openpgp.readMessage` y verifique cada firma como una firma independiente. Para ello, pase la firma y un nuevo mensaje que contenga solo los datos (creado con `openpgp.createMessage`) a `openpgp.verify`. Al descifrar y verificar mensajes firmados y cifrados, descifre y verifique el mensaje en dos pasos: primero, llame a `openpgp.decrypt` sin `verificationKeys` y, a continuaci\u00f3n, pase las firmas devueltas y un nuevo mensaje que contenga los datos descifrados (creado con `openpgp.createMessage`) a `openpgp.verify`."}], "id": "CVE-2025-47934", "lastModified": "2025-05-21T20:25:16.407", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-05-19T19:15:52.330", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/openpgpjs/openpgpjs/commit/43f5f4e2bd67d0514d06acc60b6ee571a049c229"}, {"source": "security-advisories@github.com", "url": "https://github.com/openpgpjs/openpgpjs/commit/bd54e8535ca29b3bef58a8c02296892e408be356"}, {"source": "security-advisories@github.com", "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v5.11.3"}, {"source": "security-advisories@github.com", "url": "https://github.com/openpgpjs/openpgpjs/releases/tag/v6.1.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}