PT-2025-53629 · Gnupg+2
Mikko Hyppönen · Published 2025-12-27 · Updated 2026-05-05
CVE-2025-68972
CVSS v3.1: 5.9 (Medium)
| Metric | Value |
| Vector | AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
GnuPG versions through 2.4.8
Description
GnuPG is susceptible to a signature verification bypass. If a signed message includes the character 'f' at the end of a plaintext line, an attacker can modify the message to append text after the signed content. Despite this modification, signature verification may still succeed, although an "invalid armor" message might be displayed during verification. The issue stems from the use of 'f' as a marker indicating that a long plaintext line was truncated.
Recommendations
Update GnuPG to a version newer than 2.4.8.
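As an added, defender-side example (not part of this advisory or of GnuPG itself), the helper below does two things a verifier would want here: it checks whether an installed gpg falls inside the affected range stated above, and it applies a fail-closed rule when judging a verification run, rejecting a GOODSIG/VALIDSIG result whenever gpg also printed the "invalid armor" message described in the description. The `--status-fd` line format and the `gpg (GnuPG) x.y.z` banner are real GnuPG output; the exact wording of the stderr warning beyond "invalid armor" is assumed.

```python
import re
import subprocess
from dataclasses import dataclass

# Affected range taken from the advisory: "GnuPG versions through 2.4.8".
AFFECTED_MAX = (2, 4, 8)


def parse_gpg_version(version_output: str) -> tuple:
    """Extract (major, minor, patch) from the first line of `gpg --version`,
    which looks like 'gpg (GnuPG) 2.4.8'."""
    m = re.search(r"\(GnuPG\)\s+(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("unrecognised gpg --version output")
    return tuple(int(x) for x in m.groups())


def is_affected(version: tuple) -> bool:
    """True for any release up to and including 2.4.8."""
    return version <= AFFECTED_MAX


@dataclass
class Verdict:
    good_signature: bool   # gpg emitted both GOODSIG and VALIDSIG
    armor_warning: bool    # gpg complained about the armor on stderr
    accepted: bool         # our fail-closed decision
    reason: str


def judge(status_lines: str, stderr: str) -> Verdict:
    """Combine gpg's machine-readable status output (--status-fd) with its
    stderr. A good signature is accepted only when no armor warning was
    printed, because the bypass described above can yield GOODSIG together
    with an 'invalid armor' message."""
    tags = {ln.split()[1] for ln in status_lines.splitlines()
            if ln.startswith("[GNUPG:] ") and len(ln.split()) > 1}
    good = "GOODSIG" in tags and "VALIDSIG" in tags
    armor = "invalid armor" in stderr.lower()   # substring assumed from the advisory text
    if not good:
        return Verdict(good, armor, False, "no valid signature reported")
    if armor:
        return Verdict(good, armor, False,
                       "signature reported good but armor was rejected; treat as unverified")
    return Verdict(good, armor, True, "signature valid and armor clean")


def verify_file(path: str) -> Verdict:
    """Run gpg on a clearsigned file and judge the outcome (needs gpg installed)."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify", path],
                          capture_output=True, text=True)
    return judge(proc.stdout, proc.stderr)
```

Pair `verify_file` with `parse_gpg_version(subprocess.run(["gpg", "--version"], capture_output=True, text=True).stdout)` to refuse verification outright on an affected build rather than relying on the armor warning alone.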
Weakness Enumeration
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Debian
Gnupg
Red Os