Full Report
OpenPGP.js is a JavaScript implementation of PGP that implements the OpenPGP standard, RFC 9580. It's used for encrypted emails, signing git commits and many other things. The PGP payload consists of a list of packets with no overarching header. The packets implement a custom binary protocol that can be sent as is or base64 encoded. The format is VERY flexible as a result: different types of packets can be sent in any order. The vulnerability is around the unnecessary parsing of extra data on a PGP packet. The signature data should be the final part of the packet according to the specification. Crazily enough, it doesn't have to be! The verification code iterates over the packets only until it reaches the signature packet. However, the usage code takes all of the blocks. This means that dangling data at the end is still valid, even though it was never verified. This applies to both encryption and signature verification. Overall, a good post! These issues around double parsing of blocks are becoming more and more relevant, and this is a trick to keep in mind.
Analysis Summary
# Vulnerability: OpenPGP.js Signature Verification Bypass via Trailing Data
## CVE Details
- CVE ID: CVE-2025-47934
- CVSS Score: Critical (Specific score not provided, but context suggests high impact based on spoofing core functionality)
- CWE: CWE-754 (Improper Restriction of Operations Within the Bounds of a Resource - related to improper handling of message structure/trailing data)
## Affected Systems
- Products: OpenPGP.js library
- Versions: Versions prior to v5.11.3 and v6.1.1
- Configurations: Any configuration using the existing parsing logic that processes PGP packets, affecting both encryption and signature verification routines. (Noted that Proton Mail was *not* affected, but Mailvelope was).
## Vulnerability Description
The vulnerability stems from the flexible and non-strict parsing of PGP packet lists within OpenPGP.js. According to the OpenPGP standard (RFC 9580), the cryptographic signature data should be the final part of the relevant packet structure.
The flawed logic iterates over packets to find necessary components (like the Literal Data packet and the Signature packet) but consumes *all* remaining blocks/packets in the payload stream, even if those trailing blocks appear after the formally required signature packet. This means an attacker can append arbitrary, unverified packets (e.g., a trailing `Compressed Data` packet containing malicious data) to a legitimate PGP message or signature block.
When signature verification is performed, the library correctly identifies the signature over the legitimate data but treats the subsequent, tacked-on packets as valid content. This allows an attacker to **spoof** arbitrary signed data, making a message appear signed by Alice when it was not, as the signature verification process completes successfully over the expected data, ignoring the unverified noise appended to the end of the payload.
## Exploitation
- Status: PoC available (The write-up demonstrates the possibility using a crafted packet list).
- Complexity: Low (Relative to crafting the specific message structure).
- Attack Vector: Network (Via sending a maliciously crafted PGP payload).
## Impact
- Confidentiality: Potential impact if used in systems handling encrypted material where the signature is relied upon for message origin validation.
- Integrity: **High**. An attacker can successfully forge a digital signature from a legitimate key holder (spoofing).
- Availability: Low, primarily impacting trust in the integrity of PGP operations.
## Remediation
### Patches
- OpenPGP.js v5.11.3
- OpenPGP.js v6.1.1
- Mailvelope v6.0.1 (for indirect dependency users)
### Workarounds
- The advisory released by maintainers (GHSA-8qff-qr5q-5pr8) contains alternative workarounds for users unable to update immediately. (Specific details of the workaround are not provided in the summary context).
## Detection
- **Indicators of Compromise**: Look for PGP messages or signatures that contain expected signature packets followed immediately by unexpected/unnecessary packet types (e.g., trailing `Compressed Data` packets).
- **Detection Methods and Tools**: Monitoring PGP processing logs for parsing errors or unexpected stream terminations, although the primary fix is structural (strict grammar verification).
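The indicator in the Detection list above, as an added example that is not code from OpenPGP.js or the advisory: it walks the top-level packet framing of a binary (de-armored) message and returns the tags of any packets left over after the signed sequence. The function names, the `TAG` table and the sample buffers are assumptions constructed for illustration; the framing rules follow RFC 9580 section 4.2.

```javascript
// Added example (not OpenPGP.js code): list top-level OpenPGP packet tags
// and report packets that follow the signed sequence.
const TAG = { SIG: 2, OPS: 4, COMPRESSED: 8, LITERAL: 11 };

function packetTags(buf) {
  const tags = []; let i = 0;
  while (i < buf.length) {
    const hdr = buf[i++];
    if (!(hdr & 0x80)) throw new Error('bad packet header');
    let len = 0;
    if (hdr & 0x40) {                            // OpenPGP (new) format
      tags.push(hdr & 0x3f);
      for (;;) {
        if (i >= buf.length) throw new Error('truncated length');
        const o = buf[i++];
        if (o < 192) len = o;
        else if (o < 224) len = ((o - 192) << 8) + buf[i++] + 192;
        else if (o === 255) { len = buf.readUInt32BE(i); i += 4; }
        else { i += 1 << (o & 0x1f); continue; } // partial chunk: another length follows
        break;
      }
    } else {                                     // legacy format
      tags.push((hdr >> 2) & 0x0f);
      const lt = hdr & 0x03;
      if (lt === 3) return tags;                 // indeterminate length: runs to end
      len = buf.readUIntBE(i, 1 << lt); i += 1 << lt;
    }
    i += len;
    if (!(i <= buf.length)) throw new Error('truncated packet');
  }
  return tags;
}

// Signed shapes accepted: OPS* body SIG*  or  SIG+ body, where body is one
// Literal Data or Compressed Data packet. Returns the tags left over.
function trailingPackets(tags) {
  let i = 0, ops = 0;
  while (tags[i] === TAG.OPS) { i++; ops++; }
  if (ops === 0) while (tags[i] === TAG.SIG) i++;
  if (i === 0 || (tags[i] !== TAG.LITERAL && tags[i] !== TAG.COMPRESSED)) return null;
  i++;
  for (let n = 0; n < ops && tags[i] === TAG.SIG; n++) i++;
  return tags.slice(i);
}

// Constructed sample packets: new-format header, one-octet length, dummy bodies.
const pkt = (tag, n) => Buffer.concat([Buffer.from([0xc0 | tag, n]), Buffer.alloc(n)]);
const clean = Buffer.concat([pkt(TAG.OPS, 13), pkt(TAG.LITERAL, 20), pkt(TAG.SIG, 30)]);
const padded = Buffer.concat([clean, pkt(TAG.COMPRESSED, 25)]);
```

A non-empty array from `trailingPackets(packetTags(message))` is the condition to alert on or reject; `null` means the packet list does not start with one of the two signed shapes at all.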
## References
- Vendor Advisories: [https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8]
- Relevant Links: [codeanlabs.com/2025/06/cve-2025-47934-spoofing-openpgp-js-signatures/]