Cyber Web Spider Blog – News

OpenPGP.js Vulnerability Lets Attackers Spoof Message Signature Verification

Posted on June 12, 2025 By CWS

A critical vulnerability in the widely used OpenPGP.js library has been found that enables attackers to forge digital signatures and deceive users into believing malicious content was legitimately signed by trusted sources.

The flaw, designated CVE-2025-47934, represents a fundamental breach of cryptographic trust that could undermine secure communications across numerous web-based applications and email clients that rely on the popular JavaScript implementation of the OpenPGP standard.

The vulnerability affects OpenPGP.js versions prior to v5.11.3 and v6.1.1, potentially impacting hundreds of thousands of users who depend on encrypted email services and other applications that use the library for secure communications.

Notable affected platforms include Mailvelope and potentially other web-based email clients, though Proton Mail was confirmed to be unaffected by this specific issue.

The severity of this vulnerability stems from its ability to completely subvert the core principle of digital signature verification, allowing attackers to present arbitrary malicious content while maintaining the appearance of a valid cryptographic signature from a legitimate source.

Codean Labs researchers identified this vulnerability through their security research program, demonstrating how an attacker with access to any valid signature from a target user could manipulate the verification process to authenticate completely different content.

The research team demonstrated the attack by showing how a legitimate signature on the word “legitimate” could be manipulated to appear as a valid signature on the word “malicious” while cryptographic verification still succeeded.

The discovery prompted immediate action from the OpenPGP.js development team, who released patches addressing the vulnerability and implementing stricter grammar verification to prevent similar attacks in the future.

The coordinated disclosure process began in early May 2025, with fixes and advisories published within two weeks of acknowledgment by the maintainers.

Technical Exploitation Mechanism

The vulnerability exploits a critical flaw in how OpenPGP.js processes packet lists during message verification.

The attack leverages the library’s flexible handling of compressed and uncompressed data packets, creating a situation where signature verification and data extraction operate on different packet sequences within the same message.

An attacker constructs a malformed packet list by taking a legitimate signed message and appending a malicious Compressed Data packet containing arbitrary content.

The resulting structure consists of the original One-Pass Signature packet, a Literal Data packet with the legitimate content, and a valid Signature packet, followed by the attacker-controlled Compressed Data packet containing the malicious payload.

During the verification process, OpenPGP.js first reads packets until it encounters a streamable packet type, initially processing only the legitimate signed content.

The unwrapCompressed() method examines this limited packet list and finds no compressed data, so it verifies the signature against the legitimate content successfully.

However, when the library subsequently retrieves the message data to return to the user, it re-examines the now-complete packet list and extracts content from the first Compressed Data packet it encounters, which contains the attacker’s malicious payload.

import * as openpgp from 'openpgp';
// `message` and `publicKey` are assumed to have been read already (openpgp.readMessage / openpgp.readKey).
const verificationResult = await openpgp.verify({ message, verificationKeys: publicKey });
console.log(`Signed message data: ${verificationResult.data}`); // On vulnerable versions: returns the malicious content
const { verified } = verificationResult.signatures[0];
await verified; // Signature verification still succeeds

This timing discrepancy in packet processing creates a dangerous disconnect between the content that is cryptographically verified and the content that is presented to the user, fundamentally breaking the security guarantee that digital signatures are meant to provide.
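
The packet order described above can be checked structurally before any message data is trusted. The following is an added example, not code from OpenPGP.js or from the original article: a minimal top-level packet walker plus a deliberately narrow grammar check that accepts only One-Pass Signature, one Literal or Compressed Data packet, then Signature. The function names and the zero-filled sample packets are constructed for illustration, and partial-body and indeterminate lengths are rejected rather than parsed.

```javascript
// Added example (not OpenPGP.js code): top-level packet grammar check.
const TAG = { SIGNATURE: 2, ONE_PASS_SIG: 4, COMPRESSED: 8, LITERAL: 11 };
// Read an n-octet big-endian length; yields NaN if it runs past the buffer.
function readUint(bytes, off, n) {
  let v = 0;
  for (let k = 0; k < n; k++) v = v * 256 + bytes[off + k];
  return v;
}
// Walk packet headers (RFC 4880, section 4.2) and return the tag sequence.
function listPacketTags(bytes) {
  const tags = [];
  let i = 0;
  while (i < bytes.length) {
    const hdr = bytes[i++];
    if ((hdr & 0x80) === 0) throw new Error('invalid packet header');
    let tag, len;
    if (hdr & 0x40) { // new-format header
      tag = hdr & 0x3f;
      const o = bytes[i++];
      if (o < 192) len = o;
      else if (o < 224) len = ((o - 192) << 8) + bytes[i++] + 192;
      else if (o === 255) { len = readUint(bytes, i, 4); i += 4; }
      else throw new Error('partial body length not handled here');
    } else { // old-format header
      tag = (hdr >> 2) & 0x0f;
      const n = [1, 2, 4][hdr & 0x03];
      if (!n) throw new Error('indeterminate length not handled here');
      len = readUint(bytes, i, n); i += n;
    }
    if (!Number.isInteger(len) || i + len > bytes.length) throw new Error('truncated packet');
    tags.push(tag);
    i += len;
  }
  return tags;
}
// Narrow grammar: One-Pass Signature, one Literal/Compressed packet, Signature, nothing after.
function checkSignedMessageGrammar(bytes) {
  const tags = listPacketTags(bytes);
  const ok = tags.length === 3 && tags[0] === TAG.ONE_PASS_SIG &&
    (tags[1] === TAG.LITERAL || tags[1] === TAG.COMPRESSED) && tags[2] === TAG.SIGNATURE;
  return { ok, tags };
}

// Constructed sample input: bodies are zero-filled, only the headers are meaningful.
const pkt = (tag, n) => [0xc0 | tag, n, ...new Array(n).fill(0)];
const wellFormed = Uint8Array.from([...pkt(4, 13), ...pkt(11, 10), ...pkt(2, 20)]);
const trailing = Uint8Array.from([...wellFormed, ...pkt(8, 6)]);
console.log(checkSignedMessageGrammar(wellFormed).ok, checkSignedMessageGrammar(trailing).ok);
```

A message whose tag sequence has anything after the Signature packet, such as the trailing Compressed Data packet here, fails the check regardless of whether the signature itself verifies.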
