CVE-2025-13470
Published:November 21, 2025
Updated:May 17, 2026
In RNP version 0.18.0 a refactoring regression causes the symmetric
session key used for Public-Key Encrypted Session Key (PKESK) packets to
be left uninitialized except for zeroing, resulting in it always being
an all-zero byte array.
Any data encrypted using public-key encryption
in this release can be decrypted trivially by supplying an all-zero
session key, fully compromising confidentiality.
The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected.
Root cause: Vulnerable session key buffer used in PKESK packet generation.
The defect was introduced in commit "7bd9a8dc356aae756b40755be76d36205b6b161a" where initialization
logic inside "encrypted_build_skesk()" only randomized the key for the
SKESK path and omitted it for the PKESK path.
Affected Packages
https://github.com/rnpgp/rnp.git (GITHUB):
Affected version(s) >=v0.9.1 <v0.18.0Fix Suggestion:
Update to version v0.18.0Related Resources (9)
Do you need more information?
Contact UsCVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Use of Insufficiently Random Values
EPSS
Base Score:
0.04