{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13470", "assignerOrgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "state": "PUBLISHED", "assignerShortName": "Ribose", "dateReserved": "2025-11-20T08:36:59.270Z", "datePublished": "2025-11-21T17:05:15.683Z", "dateUpdated": "2025-11-21T17:35:33.645Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RNP", "repo": "https://github.com/rnpgp/rnp", "vendor": "Ribose", "versions": [{"status": "affected", "version": "0.18.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Johannes Roth (MTG AG)"}], "datePublic": "2025-11-21T00:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><p>In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.</p><p>Any data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.<br><br>The vulnerability affects only public key encryption (PKESK packets).&nbsp; Passphrase-based encryption (SKESK packets) is not affected.<br><br>Root cause: Vulnerable session key buffer used in PKESK packet generation.<br></p>\n<p>The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.</p><br></div>"}], "value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<ul><li>Decryption succeeds for affected ciphertext using an all-zero session key.</li><li>Attack requires only possession of the ciphertext.</li><li>Private keys are not exposed.&nbsp; Vulnerability is limited to session key generation path.</li></ul>"}], "value": "* Decryption succeeds for affected ciphertext using an all-zero session key.\n * Attack requires only possession of the ciphertext.\n * Private keys are not exposed.\u00a0 Vulnerability is limited to session key generation path."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Confidentiality issue for PKESK-encrypted data"}]}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.7, "baseSeverity": "HIGH", "exploitMaturity": "PROOF_OF_CONCEPT", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "HIGH"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "shortName": "Ribose", "dateUpdated": "2025-11-21T17:17:44.765Z"}, "references": [{"name": "Introducing commit", "tags": ["related"], "url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a"}, {"name": "Ubuntu package", "tags": ["x_downstream-package"], "url": "https://launchpad.net/ubuntu/+source/rnp"}, {"name": "Arch Linux AUR package", "tags": ["x_downstream-package"], "url": "https://aur.archlinux.org/packages/rnp"}, {"name": "Bugzilla report (may become public)", "tags": ["x_downstream_package"], "url": "https://packages.gentoo.org/packages/dev-util/librnp"}, {"tags": ["issue-tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863"}, {"tags": ["third-party-advisory"], "url": "https://access.redhat.com/security/cve/cve-2025-13402"}, {"tags": ["vendor-advisory"], "url": "https://open.ribose.com/advisories/ra-2025-11-20/"}, {"tags": ["release-notes"], "url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><b>For standalone RNP users:</b></div><div><br>Upgrade to RNP 0.18.1 when available.<br><br><b>For distributions that have packaged 0.18.0:</b></div><div><br>Please update to 0.18.1 when released, or consider providing 0.17.1 as an<br>interim option.<br><br><b>For Thunderbird packages using system RNP:</b></div><div><br>If your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.<br><br><b>For all other users:</b></div><div><br>Users who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.<br></div>"}], "value": "For standalone RNP users:\n\n\nUpgrade to RNP 0.18.1 when available.\n\nFor distributions that have packaged 0.18.0:\n\n\nPlease update to 0.18.1 when released, or consider providing 0.17.1 as an\ninterim option.\n\nFor Thunderbird packages using system RNP:\n\n\nIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\n\nFor all other users:\n\n\nUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements."}], "source": {"discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-06-19T00:00:00.000Z", "value": "RNP 0.18.0 released (vulnerability introduced)."}, {"lang": "en", "time": "2025-11-07T00:00:00.000Z", "value": "Vulnerability discovered and reported by Johannes Roth (MTG AG)."}, {"lang": "en", "time": "2025-11-19T00:00:00.000Z", "value": "CVE-2025-13402 assigned by Red Hat."}, {"lang": "en", "time": "2025-11-20T00:00:00.000Z", "value": "CVE-2025-13470 assigned by Ribose/MITRE."}, {"lang": "en", "time": "2025-11-20T00:00:00.000Z", "value": "Fix developed and tested."}, {"lang": "en", "time": "2025-11-21T00:00:00.000Z", "value": "Planned release date for RNP 0.18.1."}, {"lang": "en", "time": "2025-11-21T00:00:00.000Z", "value": "Public disclosure (same day as release)."}], "title": "RNP 0.18.0 Vulnerable PKESK session keys", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "No workaround.&nbsp; All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.<br><br>"}], "value": "No workaround.\u00a0 All PKESK-encrypted ciphertext produced with 0.18.0 is compromised."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T17:35:25.938705Z", "id": "CVE-2025-13470", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T17:35:33.645Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T17:35:25.938705Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T17:35:29.339Z"}}], "cna": {"title": "RNP 0.18.0 Vulnerable PKESK session keys", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Johannes Roth (MTG AG)"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Confidentiality issue for PKESK-encrypted data"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.7, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/RE:H/U:Red", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/rnpgp/rnp", "vendor": "Ribose", "product": "RNP", "versions": [{"status": "affected", "version": "0.18.0"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "* Decryption succeeds for affected ciphertext using an all-zero session key.\n * Attack requires only possession of the ciphertext.\n * Private keys are not exposed.\u00a0 Vulnerability is limited to session key generation path.", "supportingMedia": [{"type": "text/html", "value": "<ul><li>Decryption succeeds for affected ciphertext using an all-zero session key.</li><li>Attack requires only possession of the ciphertext.</li><li>Private keys are not exposed.&nbsp; Vulnerability is limited to session key generation path.</li></ul>", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-06-19T00:00:00.000Z", "value": "RNP 0.18.0 released (vulnerability introduced)."}, {"lang": "en", "time": "2025-11-07T00:00:00.000Z", "value": "Vulnerability discovered and reported by Johannes Roth (MTG AG)."}, {"lang": "en", "time": "2025-11-19T00:00:00.000Z", "value": "CVE-2025-13402 assigned by Red Hat."}, {"lang": "en", "time": "2025-11-20T00:00:00.000Z", "value": "CVE-2025-13470 assigned by Ribose/MITRE."}, {"lang": "en", "time": "2025-11-20T00:00:00.000Z", "value": "Fix developed and tested."}, {"lang": "en", "time": "2025-11-21T00:00:00.000Z", "value": "Planned release date for RNP 0.18.1."}, {"lang": "en", "time": "2025-11-21T00:00:00.000Z", "value": "Public disclosure (same day as release)."}], "solutions": [{"lang": "en", "value": "For standalone RNP users:\n\n\nUpgrade to RNP 0.18.1 when available.\n\nFor distributions that have packaged 0.18.0:\n\n\nPlease update to 0.18.1 when released, or consider providing 0.17.1 as an\ninterim option.\n\nFor Thunderbird packages using system RNP:\n\n\nIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\n\nFor all other users:\n\n\nUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.", "supportingMedia": [{"type": "text/html", "value": "<div><b>For standalone RNP users:</b></div><div><br>Upgrade to RNP 0.18.1 when available.<br><br><b>For distributions that have packaged 0.18.0:</b></div><div><br>Please update to 0.18.1 when released, or consider providing 0.17.1 as an<br>interim option.<br><br><b>For Thunderbird packages using system RNP:</b></div><div><br>If your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.<br><br><b>For all other users:</b></div><div><br>Users who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.<br></div>", "base64": false}]}], "datePublic": "2025-11-21T00:00:00.000Z", "references": [{"url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a", "name": "Introducing commit", "tags": ["related"]}, {"url": "https://launchpad.net/ubuntu/+source/rnp", "name": "Ubuntu package", "tags": ["x_downstream-package"]}, {"url": "https://aur.archlinux.org/packages/rnp", "name": "Arch Linux AUR package", "tags": ["x_downstream-package"]}, {"url": "https://packages.gentoo.org/packages/dev-util/librnp", "name": "Bugzilla report (may become public)", "tags": ["x_downstream_package"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863", "tags": ["issue-tracking"]}, {"url": "https://access.redhat.com/security/cve/cve-2025-13402", "tags": ["third-party-advisory"]}, {"url": "https://open.ribose.com/advisories/ra-2025-11-20/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1", "tags": ["release-notes"]}], "workarounds": [{"lang": "en", "value": "No workaround.\u00a0 All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.", "supportingMedia": [{"type": "text/html", "value": "No workaround.&nbsp; All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.<br><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.", "supportingMedia": [{"type": "text/html", "value": "<div><p>In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.</p><p>Any data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.<br><br>The vulnerability affects only public key encryption (PKESK packets).&nbsp; Passphrase-based encryption (SKESK packets) is not affected.<br><br>Root cause: Vulnerable session key buffer used in PKESK packet generation.<br></p>\n<p>The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.</p><br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-330", "description": "CWE-330 Use of Insufficiently Random Values"}]}], "providerMetadata": {"orgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "shortName": "Ribose", "dateUpdated": "2025-11-21T17:17:44.765Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13470", "state": "PUBLISHED", "dateUpdated": "2025-11-21T17:35:33.645Z", "dateReserved": "2025-11-20T08:36:59.270Z", "assignerOrgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "datePublished": "2025-11-21T17:05:15.683Z", "assignerShortName": "Ribose"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path."}], "id": "CVE-2025-13470", "lastModified": "2025-11-25T22:16:42.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:H/U:Red", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "HIGH"}, "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary"}]}, "published": "2025-11-21T17:15:50.473", "references": [{"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://access.redhat.com/security/cve/cve-2025-13402"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://aur.archlinux.org/packages/rnp"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://launchpad.net/ubuntu/+source/rnp"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://open.ribose.com/advisories/ra-2025-11-20/"}, {"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "url": "https://packages.gentoo.org/packages/dev-util/librnp"}], "sourceIdentifier": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary"}]}

{"bugzilla": {"description": "RNP: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets", "id": "2416402", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416402"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-330", "details": ["In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\nbe left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.", "A flaw was found in RNP. This vulnerability allows for the trivial decryption of data encrypted using public-key encryption, fully compromising confidentiality, via an uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets, which results in an all-zero byte array."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-13470", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-21T17:05:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-13470\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13470\nhttps://access.redhat.com/security/cve/cve-2025-13402\nhttps://aur.archlinux.org/packages/rnp\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2415863\nhttps://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a\nhttps://github.com/rnpgp/rnp/releases/tag/v0.18.1\nhttps://launchpad.net/ubuntu/+source/rnp\nhttps://open.ribose.com/advisories/ra-2025-11-20/\nhttps://packages.gentoo.org/packages/dev-util/librnp"], "statement": "No Red Hat products or offerings are affected by this vulnerability.\nThis vulnerability is Important rather than Moderate because it completely undermines the fundamental security property of public-key encryption: the confidentiality of encrypted data. By leaving the PKESK session key uninitialized and effectively forcing it to an all-zero value, RNP 0.18.0 produces ciphertexts that can be decrypted by any attacker, without requiring the private key, without exploiting side channels, and without meeting any environmental preconditions. This is a direct cryptographic failure, not a partial weakness or a degraded security margin. The break is deterministic, universally exploitable, and affects all data encrypted through the affected PKESK path. As a result, encryption provides no protection whatsoever\u2014equivalent to transmitting plaintext\u2014making the impact complete and immediate confidentiality compromise. Vulnerabilities that convert strong encryption into trivially reversible encryption are categorically high-impact, not moderate, due to their total loss of security guarantees and zero attack complexity.", "threat_severity": "Important"}