A critical vulnerability in OpenPGP.js, tracked as CVE-2025-47934, allows spoofing of message signature verification.
OpenPGP.js is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption. It allows developers to integrate secure end-to-end encryption features directly into web applications, browser extensions, or server-side tools using JavaScript.
A critical flaw in OpenPGP.js versions 5.0.1 to 5.11.2 and 6.0.0 to 6.1.0 allows spoofing of inline-signed or signed+encrypted messages. Attackers can craft messages that return valid signature checks on data not actually signed, misleading recipients. Detached signatures are unaffected.
“This flaw allows signature verifications of inline (non-detached) signed messages (using openpgp.verify) and signed-and-encrypted messages (using openpgp.decrypt with verificationKeys) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case.” reads the advisory. “In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker’s choice, which will appear as legitimately signed by affected versions of OpenPGP.js.”
The vulnerability allows attackers to alter inline-signed or signed+encrypted messages to contain any content, while still appearing to have a valid signature.
Researchers Edoardo Geraci and Thomas Rinsma of Codean Labs discovered the vulnerability.
The issue is patched in versions 5.11.3 and 6.1.1; users who cannot upgrade can work around it by verifying signatures manually.
(SecurityAffairs – hacking, CVE-2025-47934)