{ "threat_severity" : "Important", "public_date" : "2025-11-21T17:05:15Z", "bugzilla" : { "description" : "RNP: RNP: Confidentiality compromise due to uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets", "id" : "2416402", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2416402" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status" : "draft" }, "cwe" : "CWE-330", "details" : [ "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\nbe left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\nThe vulnerability affects only public key encryption (PKESK packets).  Passphrase-based encryption (SKESK packets) is not affected.\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.", "A flaw was found in RNP. This vulnerability allows for the trivial decryption of data encrypted using public-key encryption, fully compromising confidentiality, via an uninitialized symmetric session key in Public-Key Encrypted Session Key (PKESK) packets, which results in an all-zero byte array." ], "statement" : "No Red Hat products or offerings are affected by this vulnerability.\nThis vulnerability is Important rather than Moderate because it completely undermines the fundamental security property of public-key encryption: the confidentiality of encrypted data. By leaving the PKESK session key uninitialized and effectively forcing it to an all-zero value, RNP 0.18.0 produces ciphertexts that can be decrypted by any attacker, without requiring the private key, without exploiting side channels, and without meeting any environmental preconditions. This is a direct cryptographic failure, not a partial weakness or a degraded security margin. The break is deterministic, universally exploitable, and affects all data encrypted through the affected PKESK path. As a result, encryption provides no protection whatsoever—equivalent to transmitting plaintext—making the impact complete and immediate confidentiality compromise. Vulnerabilities that convert strong encryption into trivially reversible encryption are categorically high-impact, not moderate, due to their total loss of security guarantees and zero attack complexity.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-13470\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-13470\nhttps://access.redhat.com/security/cve/cve-2025-13402\nhttps://aur.archlinux.org/packages/rnp\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2415863\nhttps://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a\nhttps://github.com/rnpgp/rnp/releases/tag/v0.18.1\nhttps://launchpad.net/ubuntu/+source/rnp\nhttps://open.ribose.com/advisories/ra-2025-11-20/\nhttps://packages.gentoo.org/packages/dev-util/librnp" ], "name" : "CVE-2025-13470", "mitigation" : { "value" : "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.", "lang" : "en:us" }, "csaw" : false }