CVE-2025-13470 (GCVE-0-2025-13470)
Vulnerability from cvelistv5
Published
2025-11-21 17:05
Modified
2025-11-21 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
In RNP version 0.18.0 a refactoring regression causes the symmetric
session key used for Public-Key Encrypted Session Key (PKESK) packets to
be left uninitialized except for zeroing, resulting in it always being
an all-zero byte array.
Any data encrypted using public-key encryption
in this release can be decrypted trivially by supplying an all-zero
session key, fully compromising confidentiality.
The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected.
Root cause: Vulnerable session key buffer used in PKESK packet generation.
The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization
logic inside `encrypted_build_skesk()` only randomized the key for the
SKESK path and omitted it for the PKESK path.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T17:35:25.938705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:35:33.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RNP",
"repo": "https://github.com/rnpgp/rnp",
"vendor": "Ribose",
"versions": [
{
"status": "affected",
"version": "0.18.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Johannes Roth (MTG AG)"
}
],
"datePublic": "2025-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eIn RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\u003c/p\u003e\u003cp\u003eAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects only public key encryption (PKESK packets).\u0026nbsp; Passphrase-based encryption (SKESK packets) is not affected.\u003cbr\u003e\u003cbr\u003eRoot cause: Vulnerable session key buffer used in PKESK packet generation.\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.\u003c/p\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDecryption succeeds for affected ciphertext using an all-zero session key.\u003c/li\u003e\u003cli\u003eAttack requires only possession of the ciphertext.\u003c/li\u003e\u003cli\u003ePrivate keys are not exposed.\u0026nbsp; Vulnerability is limited to session key generation path.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Decryption succeeds for affected ciphertext using an all-zero session key.\n * Attack requires only possession of the ciphertext.\n * Private keys are not exposed.\u00a0 Vulnerability is limited to session key generation path."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Confidentiality issue for PKESK-encrypted data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:17:44.765Z",
"orgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3",
"shortName": "Ribose"
},
"references": [
{
"name": "Introducing commit",
"tags": [
"related"
],
"url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a"
},
{
"name": "Ubuntu package",
"tags": [
"x_downstream-package"
],
"url": "https://launchpad.net/ubuntu/+source/rnp"
},
{
"name": "Arch Linux AUR package",
"tags": [
"x_downstream-package"
],
"url": "https://aur.archlinux.org/packages/rnp"
},
{
"name": "Bugzilla report (may become public)",
"tags": [
"x_downstream_package"
],
"url": "https://packages.gentoo.org/packages/dev-util/librnp"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2025-13402"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://open.ribose.com/advisories/ra-2025-11-20/"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cb\u003eFor standalone RNP users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUpgrade to RNP 0.18.1 when available.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor distributions that have packaged 0.18.0:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003ePlease update to 0.18.1 when released, or consider providing 0.17.1 as an\u003cbr\u003einterim option.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor Thunderbird packages using system RNP:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor all other users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "For standalone RNP users:\n\n\nUpgrade to RNP 0.18.1 when available.\n\nFor distributions that have packaged 0.18.0:\n\n\nPlease update to 0.18.1 when released, or consider providing 0.17.1 as an\ninterim option.\n\nFor Thunderbird packages using system RNP:\n\n\nIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\n\nFor all other users:\n\n\nUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "RNP 0.18.0 released (vulnerability introduced)."
},
{
"lang": "en",
"time": "2025-11-07T00:00:00.000Z",
"value": "Vulnerability discovered and reported by Johannes Roth (MTG AG)."
},
{
"lang": "en",
"time": "2025-11-19T00:00:00.000Z",
"value": "CVE-2025-13402 assigned by Red Hat."
},
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "CVE-2025-13470 assigned by Ribose/MITRE."
},
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "Fix developed and tested."
},
{
"lang": "en",
"time": "2025-11-21T00:00:00.000Z",
"value": "Planned release date for RNP 0.18.1."
},
{
"lang": "en",
"time": "2025-11-21T00:00:00.000Z",
"value": "Public disclosure (same day as release)."
}
],
"title": "RNP 0.18.0 Vulnerable PKESK session keys",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround.\u0026nbsp; All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "No workaround.\u00a0 All PKESK-encrypted ciphertext produced with 0.18.0 is compromised."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3",
"assignerShortName": "Ribose",
"cveId": "CVE-2025-13470",
"datePublished": "2025-11-21T17:05:15.683Z",
"dateReserved": "2025-11-20T08:36:59.270Z",
"dateUpdated": "2025-11-21T17:35:33.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-13470\",\"sourceIdentifier\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\",\"published\":\"2025-11-21T17:15:50.473\",\"lastModified\":\"2025-11-25T22:16:42.557\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In RNP version 0.18.0 a refactoring regression causes the symmetric \\nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\\n be left uninitialized except for zeroing, resulting in it always being \\nan all-zero byte array.\\n\\nAny data encrypted using public-key encryption \\nin this release can be decrypted trivially by supplying an all-zero \\nsession key, fully compromising confidentiality.\\n\\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\\n\\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\\n\\n\\n\\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \\nlogic inside `encrypted_build_skesk()` only randomized the key for the \\nSKESK path and omitted it for the PKESK path.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:H/U:Red\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"HIGH\",\"providerUrgency\":\"RED\"}}],\"cvssMetricV31\":[{\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/cve-2025-13402\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://aur.archlinux.org/packages/rnp\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2415863\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://github.com/rnpgp/rnp/releases/tag/v0.18.1\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://launchpad.net/ubuntu/+source/rnp\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://open.ribose.com/advisories/ra-2025-11-20/\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"},{\"url\":\"https://packages.gentoo.org/packages/dev-util/librnp\",\"source\":\"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-13470\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-21T17:35:25.938705Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-21T17:35:29.339Z\"}}], \"cna\": {\"title\": \"RNP 0.18.0 Vulnerable PKESK session keys\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Johannes Roth (MTG AG)\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Confidentiality issue for PKESK-encrypted data\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.7, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/RE:H/U:Red\", \"exploitMaturity\": \"PROOF_OF_CONCEPT\", \"providerUrgency\": \"RED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/rnpgp/rnp\", \"vendor\": \"Ribose\", \"product\": \"RNP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.18.0\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"* Decryption succeeds for affected ciphertext using an all-zero session key.\\n * Attack requires only possession of the ciphertext.\\n * Private keys are not exposed.\\u00a0 Vulnerability is limited to session key generation path.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cul\u003e\u003cli\u003eDecryption succeeds for affected ciphertext using an all-zero session key.\u003c/li\u003e\u003cli\u003eAttack requires only possession of the ciphertext.\u003c/li\u003e\u003cli\u003ePrivate keys are not exposed.\u0026nbsp; Vulnerability is limited to session key generation path.\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-06-19T00:00:00.000Z\", \"value\": \"RNP 0.18.0 released (vulnerability introduced).\"}, {\"lang\": \"en\", \"time\": \"2025-11-07T00:00:00.000Z\", \"value\": \"Vulnerability discovered and reported by Johannes Roth (MTG AG).\"}, {\"lang\": \"en\", \"time\": \"2025-11-19T00:00:00.000Z\", \"value\": \"CVE-2025-13402 assigned by Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-11-20T00:00:00.000Z\", \"value\": \"CVE-2025-13470 assigned by Ribose/MITRE.\"}, {\"lang\": \"en\", \"time\": \"2025-11-20T00:00:00.000Z\", \"value\": \"Fix developed and tested.\"}, {\"lang\": \"en\", \"time\": \"2025-11-21T00:00:00.000Z\", \"value\": \"Planned release date for RNP 0.18.1.\"}, {\"lang\": \"en\", \"time\": \"2025-11-21T00:00:00.000Z\", \"value\": \"Public disclosure (same day as release).\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"For standalone RNP users:\\n\\n\\nUpgrade to RNP 0.18.1 when available.\\n\\nFor distributions that have packaged 0.18.0:\\n\\n\\nPlease update to 0.18.1 when released, or consider providing 0.17.1 as an\\ninterim option.\\n\\nFor Thunderbird packages using system RNP:\\n\\n\\nIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\\n\\nFor all other users:\\n\\n\\nUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cb\u003eFor standalone RNP users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUpgrade to RNP 0.18.1 when available.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor distributions that have packaged 0.18.0:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003ePlease update to 0.18.1 when released, or consider providing 0.17.1 as an\u003cbr\u003einterim option.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor Thunderbird packages using system RNP:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor all other users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-11-21T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a\", \"name\": \"Introducing commit\", \"tags\": [\"related\"]}, {\"url\": \"https://launchpad.net/ubuntu/+source/rnp\", \"name\": \"Ubuntu package\", \"tags\": [\"x_downstream-package\"]}, {\"url\": \"https://aur.archlinux.org/packages/rnp\", \"name\": \"Arch Linux AUR package\", \"tags\": [\"x_downstream-package\"]}, {\"url\": \"https://packages.gentoo.org/packages/dev-util/librnp\", \"name\": \"Bugzilla report (may become public)\", \"tags\": [\"x_downstream_package\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2415863\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://access.redhat.com/security/cve/cve-2025-13402\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://open.ribose.com/advisories/ra-2025-11-20/\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://github.com/rnpgp/rnp/releases/tag/v0.18.1\", \"tags\": [\"release-notes\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"No workaround.\\u00a0 All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"No workaround.\u0026nbsp; All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In RNP version 0.18.0 a refactoring regression causes the symmetric \\nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\\n be left uninitialized except for zeroing, resulting in it always being \\nan all-zero byte array.\\n\\nAny data encrypted using public-key encryption \\nin this release can be decrypted trivially by supplying an all-zero \\nsession key, fully compromising confidentiality.\\n\\nThe vulnerability affects only public key encryption (PKESK packets).\\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\\n\\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\\n\\n\\n\\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \\nlogic inside `encrypted_build_skesk()` only randomized the key for the \\nSKESK path and omitted it for the PKESK path.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003e\u003cp\u003eIn RNP version 0.18.0 a refactoring regression causes the symmetric \\nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\\n be left uninitialized except for zeroing, resulting in it always being \\nan all-zero byte array.\u003c/p\u003e\u003cp\u003eAny data encrypted using public-key encryption \\nin this release can be decrypted trivially by supplying an all-zero \\nsession key, fully compromising confidentiality.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects only public key encryption (PKESK packets).\u0026nbsp; Passphrase-based encryption (SKESK packets) is not affected.\u003cbr\u003e\u003cbr\u003eRoot cause: Vulnerable session key buffer used in PKESK packet generation.\u003cbr\u003e\u003c/p\u003e\\n\u003cp\u003eThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \\nlogic inside `encrypted_build_skesk()` only randomized the key for the \\nSKESK path and omitted it for the PKESK path.\u003c/p\u003e\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330 Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\", \"shortName\": \"Ribose\", \"dateUpdated\": \"2025-11-21T17:17:44.765Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-13470\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-21T17:35:33.645Z\", \"dateReserved\": \"2025-11-20T08:36:59.270Z\", \"assignerOrgId\": \"6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3\", \"datePublished\": \"2025-11-21T17:05:15.683Z\", \"assignerShortName\": \"Ribose\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…