Critical OpenPGP.js Vulnerability Allows Spoofing

An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed.


The developers of OpenPGP.js have released updates to patch a critical vulnerability that can be exploited to spoof message signature verification.

OpenPGP.js is an open source JavaScript implementation of the OpenPGP email encryption library, enabling its use on any device. According to its developers, “The idea is to implement all the needed OpenPGP functionality in a JavaScript library that can be reused in other projects that provide browser extensions or server applications.”

Its website shows that OpenPGP.js is used by projects such as FlowCrypt, Mymail-Crypt, UDC, Encrypt.to, PGP Anywhere, and Passbolt.

Researchers Edoardo Geraci and Thomas Rinsma of Codean Labs discovered recently that OpenPGP.js is affected by a critical vulnerability.

The flaw enables an attacker to spoof signature verification using a specially crafted message passed to the ‘openpgp.verify’ or ‘openpgp.decrypt’ functions, causing them to “return a valid signature verification result while returning data that was not actually signed”.

“In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker’s choice, which will appear as legitimately signed by affected versions of OpenPGP.js,” the researchers explained.


“In other words, any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker’s choice) together with that signature,” they added.

Tracked as CVE-2025-47934, the issue impacts OpenPGP.js versions 5 and 6, and it has been patched with the release of versions 5.11.3 and 6.1.1. Workarounds are also available.
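As an added example (not code from the article or from the OpenPGP.js project), the following script flags installed copies of OpenPGP.js that fall inside the version ranges given above, so a team can audit its dependency tree before relying on a workaround. It assumes an npm lockfile (lockfileVersion 2 or 3) whose "packages" map is keyed by install path; the sample lockfile is constructed.

```javascript
// Added example: audit an npm lockfile for OpenPGP.js copies affected by
// CVE-2025-47934. Per the advisory, the 5.x line is fixed in 5.11.3 and
// the 6.x line in 6.1.1; earlier releases on those lines are affected.
// Assumption: lockfile is a parsed npm lockfileVersion 2/3 object with a
// "packages" map keyed by path (nested copies appear as deeper paths).

const FIXED = { 5: [5, 11, 3], 6: [6, 1, 1] };

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; a prerelease sorts below its release.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: !!m[4] };
}

// Compare a parsed version against a [major, minor, patch] triple.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.parts[i] !== b[i]) return a.parts[i] - b[i];
  }
  return a.pre ? -1 : 0; // "6.1.1-rc.1" is still before the 6.1.1 fix
}

// True when the version is on a listed line and older than that line's fix.
function isAffected(version) {
  const v = parseSemver(version);
  const fix = FIXED[v.parts[0]];
  if (!fix) return false; // only the 5.x and 6.x lines are listed as impacted
  return compare(v, fix) < 0;
}

// Walk the "packages" map; every path ending in node_modules/openpgp is a copy.
function findVulnerableOpenpgp(lockfile) {
  const out = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!/(^|\/)node_modules\/openpgp$/.test(path)) continue;
    if (entry.version && isAffected(entry.version)) {
      out.push({ path, version: entry.version });
    }
  }
  return out;
}

// Constructed sample lockfile: one direct copy (affected), one nested (fixed).
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/openpgp": { version: "5.11.2" },
  "node_modules/some-dep/node_modules/openpgp": { version: "6.1.1" },
} };
console.log(findVulnerableOpenpgp(sampleLock));
```

Run it against a real lockfile with `JSON.parse(fs.readFileSync("package-lock.json"))` in place of the constructed sample; an empty array means no listed-range copy was found.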


Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
