PT-2025-22082 · Unknown · Openpgp.Js
Codeanio · Published 2025-05-19 · Updated 2025-12-04 · CVE-2025-47934

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenPGP.js versions 5.0.1 through 5.11.2
OpenPGP.js versions 6.0.0 through 6.1.0

Description
A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verification of inline-signed messages and signed-and-encrypted messages to be spoofed. To construct a spoofed message, the attacker needs only a single valid message signature and the plaintext data that was legitimately signed. Over 4,000 sites are still loading vulnerable OpenPGP.js files, affecting encryption frontends and crypto wallets.

Recommendations
For OpenPGP.js versions 5.0.1 through 5.11.2, update to version 5.11.3. For OpenPGP.js versions 6.0.0 through 6.1.0, update to version 6.1.1.

As a temporary workaround, when verifying inline-signed messages, extract the message and signature(s) from the message returned by openpgp.readMessage, and verify the signature as a detached signature by passing the signature and a new message containing only the data to openpgp.verify. When decrypting and verifying signed-and-encrypted messages, decrypt and verify in two steps: first call openpgp.decrypt without verificationKeys, then pass the returned signature(s) and a new message containing the decrypted data to openpgp.verify.
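The two workarounds above, written out as helpers. This is an added example, not the OpenPGP.js project's own code. It assumes the documented v5/v6 API (openpgp.readMessage, Message.unwrapCompressed, Message.getLiteralData, PacketList.filterByTag, openpgp.Signature, openpgp.createMessage, openpgp.verify, openpgp.decrypt) and non-streamed armored input; the helper names, passing the openpgp module in as a parameter, and the policy that every signature on the message must verify are the example's own choices.

```javascript
// Added example (not OpenPGP.js project code): the two advisory workarounds as
// helpers. The openpgp module is passed in as a parameter so the same code runs
// against the CommonJS build (const openpgp = require('openpgp')) and the ESM
// build (import * as openpgp from 'openpgp'). Assumes non-streamed input.

// Wrap only the signature packets of a parsed message in a detached Signature.
function detachedSignatureOf(openpgp, parsedMessage) {
  // Inline-signed messages are often compressed; unwrap so the packets are visible.
  const packets = parsedMessage.unwrapCompressed().packets;
  const sigPackets = packets.filterByTag(openpgp.enums.packet.signature);
  if (sigPackets.length === 0) {
    throw new Error('message carries no signature packets');
  }
  return new openpgp.Signature(sigPackets);
}

// Policy used by this example: every signature result must verify.
// Each result's `verified` promise rejects when the signature does not check out.
async function requireAllVerified(signatures) {
  if (signatures.length === 0) {
    throw new Error('no signature to verify');
  }
  for (const entry of signatures) {
    await entry.verified;
  }
}

// Workaround 1: inline-signed message. The parsed message itself is never handed
// to openpgp.verify; the extracted signature is verified against a message
// rebuilt from the literal data only, and exactly those bytes are returned.
async function verifyInlineSigned(openpgp, armoredMessage, verificationKeys) {
  const parsed = await openpgp.readMessage({ armoredMessage });
  const signature = detachedSignatureOf(openpgp, parsed);
  const data = parsed.getLiteralData(); // unwraps compression internally
  if (!data) {
    throw new Error('message carries no literal data packet');
  }
  const clean = await openpgp.createMessage({ binary: data });
  const { signatures } = await openpgp.verify({
    message: clean,
    signature,
    verificationKeys,
    format: 'binary',
  });
  await requireAllVerified(signatures);
  return data;
}

// Workaround 2: signed-and-encrypted message. Step 1 decrypts WITHOUT
// verificationKeys, so the combined message never produces a verification
// result; step 2 verifies each returned signature against a fresh message built
// from the decrypted bytes.
async function decryptThenVerify(openpgp, armoredMessage, decryptionKeys, verificationKeys) {
  const encrypted = await openpgp.readMessage({ armoredMessage });
  const { data, signatures } = await openpgp.decrypt({
    message: encrypted,
    decryptionKeys,
    format: 'binary',
  });
  if (signatures.length === 0) {
    throw new Error('decrypted message is not signed');
  }
  const clean = await openpgp.createMessage({ binary: data });
  for (const entry of signatures) {
    const signature = await entry.signature; // each result carries Promise<Signature>
    const result = await openpgp.verify({
      message: clean,
      signature,
      verificationKeys,
      format: 'binary',
    });
    await requireAllVerified(result.signatures);
  }
  return data;
}
```

Both helpers return the bytes that were actually checked against the signature, so callers should use that return value rather than any data field obtained from the first parse or decrypt. Requiring every signature to verify is stricter than accepting any one valid signature; relax requireAllVerified if your policy only needs one known signer.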

Exploit

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2026-00782
CVE-2025-47934
GHSA-8QFF-QR5Q-5PR8

Affected Products

Openpgp.Js