JavaScript Crypto Library OpenPGP.js Hit by High-Risk Spoofing Vulnerability

A vulnerability has been identified in OpenPGP.js that allows attackers to spoof signed and encrypted messages, undermining trust in public key cryptography. Users are urged to update to patched versions to mitigate the risk of message forgery. #CVE-2025-47934 #OpenPGP.js #cryptography

Key Points

  • A flaw in OpenPGP.js impacts its verification and decryption functions, enabling message spoofing.
  • The vulnerability affects multiple versions of OpenPGP.js before the patch release.
  • Attackers can reuse valid signatures to forge messages that appear legitimately signed.
  • Security researchers disclosed the flaw with a technical advisory and proof-of-concept exploit.
  • Users should update to version 5.11.3 or 6.1.1 or apply recommended workarounds to stay protected.
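As an added example (not code from OpenPGP.js or the advisory), the following Node.js script checks an npm lockfile for installed copies of openpgp that are older than the patched releases named above. The lockfile content is constructed sample data, and release lines other than 5.x and 6.x are reported as "unknown" because this page gives no fix version for them.

```javascript
// Added example. Fix versions come from the key points above (5.11.3, 6.1.1).
const PATCHED = { 5: [5, 11, 3], 6: [6, 1, 1] };

// Classify one version string against the patched release of its major line.
function classify(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return "unparseable";
  const v = m.slice(1, 4).map(Number);
  const fixed = PATCHED[v[0]];
  if (!fixed) return "unknown"; // this page names no fix for other release lines
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i] ? "patched" : "needs-update";
  }
  // Same numbers as the fix: a pre-release (e.g. -rc.1) precedes the real release.
  return m[4] ? "needs-update" : "patched";
}

// Find every installed copy of openpgp in an npm lockfile (v2/v3 "packages" map),
// including copies nested under other dependencies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/openpgp" || path.endsWith("/node_modules/openpgp")) {
      findings.push({ path, version: meta.version, status: classify(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile: package names other than openpgp are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/openpgp": { version: "6.1.1" },
    "node_modules/mail-helper/node_modules/openpgp": { version: "5.11.2" },
    "node_modules/legacy-tool/node_modules/openpgp": { version: "4.10.10" },
    "node_modules/openpgp-extras": { version: "1.2.0" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.status.padEnd(12)} ${f.version.padEnd(8)} ${f.path}`);
}
```

A nested copy pulled in by another dependency is flagged even when the top-level openpgp is already patched, which is the case a plain check of package.json misses.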

Read More: https://thecyberexpress.com/cve-2025-47934-openpgp-vulnerability/