PT-2025-47788 · Rnp · Rnp

Johannes Roth

·

Published

2025-11-21

·

Updated

2025-11-27

·

CVE-2025-13470

CVSS v4.0

7.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:H/U:Red
Name of the Vulnerable Software and Affected Versions RNP version 0.18.0
Description A regression in RNP version 0.18.0 causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to remain uninitialized, resulting in it always being an all-zero byte array. This allows trivial decryption of data encrypted using public-key encryption by supplying an all-zero session key, fully compromising confidentiality. The issue affects only public key encryption (PKESK packets) and does not impact passphrase-based encryption (SKESK packets). The root cause is a vulnerable session key buffer used in PKESK packet generation, introduced by commit 7bd9a8dc356aae756b40755be76d36205b6b161a, where initialization logic inside encrypted build skesk() only randomized the key for the SKESK path and omitted it for the PKESK path.
Recommendations Update to a newer version of RNP that addresses this issue.

Fix

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-330

Related Identifiers

CVE-2025-13470
OPENSUSE-SU-2025:15762-1
OPENSUSE-SU-2025:20116-1

Affected Products

Rnp