CVE-2025-13470

216.73.216.36

· Published 21/11/2025 17:15 · Modified 25/11/2025 22:16

Labels: CVE-2025-13470 2025-11-21 6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3 CVE-2025-13470 CWE-330

Essential information

Published: 21/11/2025 17:15
Modified: 25/11/2025 22:16
Author: —
Creator: —
CVSS: 7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality. The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected. Root cause: Vulnerable session key buffer used in PKESK packet generation. The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization logic inside `encrypted_build_skesk()` only randomized the key for the SKESK path and omitted it for the PKESK path.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: 6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3
NVD: View on NVD

CVE-2025-13470

Essential information

CVSS metrics

Description

NVD status

References