A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.
The vulnerability, rated 8.7 (High) on the CVSS scale, was discovered by security researchers Edoardo Geraci and Thomas Rinsma of Codean Labs. Their findings were disclosed in an advisory posted to the OpenPGP.js GitHub repository, with a full technical write-up and proof-of-concept exploit.
The delay in publishing the PoC is a standard practice intended to give developers and users time to apply necessary patches.
Nature of the CVE-2025-47934 Vulnerability
The issue lies in the openpgp.verify and openpgp.decrypt functions of OpenPGP.js. According to the advisory, a malicious message can be processed by these functions in a way that falsely returns a valid signature verification, even though the message was never signed by a trusted party. This defect affects both inline-signed messages and signed-and-encrypted messages.
In technical terms, the vulnerability arises because OpenPGP.js fails to correctly associate the extracted message data with its actual signature during verification. This oversight allows attackers to manipulate the content of a message while retaining a valid signature from a previous, unrelated message.
“In order to spoof a message,” the advisory explains, “the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed. They can then construct an inline-signed or signed-and-encrypted message containing any data of their choice, which will appear as legitimately signed.”
This means a bad actor can reuse a valid signature to forge new content that appears authentic to the recipient, bypassing the trust model OpenPGP is built upon.
The vulnerability affects versions 5.0.1 through 5.11.2 and 6.0.0-alpha.0 through 6.1.0 of OpenPGP.js. Users are strongly advised to upgrade to version 5.11.3 or 6.1.1, both of which contain the necessary security patches. Notably, version 4.x remains unaffected by this issue.
Mitigation Strategies
While patches are available, users who cannot immediately upgrade are encouraged to implement workarounds:
- For inline-signed messages, manually extract the message and signature, then verify the signature as if it were detached. This involves creating a new message object using openpgp.createMessage and passing it along with the extracted signature to openpgp.verify.
- For signed-and-encrypted messages, first decrypt the message without specifying verification keys. Then verify the decrypted content in a separate step, again treating the signature as detached.
These steps prevent reliance on the vulnerable combined verification-decryption logic present in the affected versions.
To sum up, the discovery of CVE-2025-47934 highlights the critical risks inherent in client-side cryptographic libraries, particularly those written in JavaScript and used in browser environments. It highlights the necessity of rigorous testing and validation for tools that secure encrypted communications.
