CVE-2025-13470 – RNP 0.18.0 Vulnerable PKESK session keys

CVE ID : CVE-2025-13470

Published : Nov. 21, 2025, 5:05 p.m. | 10 minutes ago

Description : In RNP version 0.18.0 a refactoring regression causes the symmetric
session key used for Public-Key Encrypted Session Key (PKESK) packets to
be left uninitialized except for zeroing, resulting in it always being
an all-zero byte array.

Any data encrypted using public-key encryption
in this release can be decrypted trivially by supplying an all-zero
session key, fully compromising confidentiality.

The vulnerability affects only public key encryption (PKESK packets).  Passphrase-based encryption (SKESK packets) is not affected.

Root cause: Vulnerable session key buffer used in PKESK packet generation.

The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization
logic inside `encrypted_build_skesk()` only randomized the key for the
SKESK path and omitted it for the PKESK path.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…