CVE-2025-68973

7.8 HIGH

📋 TL;DR

This vulnerability in GnuPG (GNU Privacy Guard) allows an attacker to execute arbitrary code or cause a denial of service by sending specially crafted input. The out-of-bounds write occurs in the armor_filter function when processing PGP armored data. Anyone using vulnerable versions of GnuPG for encryption, decryption, or signature verification is affected.

💻 Affected Systems

Products:
  • GnuPG (GNU Privacy Guard)
  • Software using libgpgme or GnuPG libraries
Versions: GnuPG versions before 2.4.9, and ExtendedLTS versions before 2.2.51
Operating Systems: Linux, Unix-like systems, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using GnuPG to process PGP armored data from untrusted sources is vulnerable. This includes email clients, backup systems, and automated decryption services.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.
🟠 Likely Case: Application crash (denial of service) or memory corruption that could be leveraged for information disclosure.
🟢 If Mitigated: Limited impact if input validation or sandboxing prevents exploitation, though service disruption remains possible.

🌐 Internet-Facing: MEDIUM - Exploitation requires sending crafted input to GnuPG processes, which may be exposed via email clients, web services, or APIs.
🏢 Internal Only: MEDIUM - Internal systems processing untrusted PGP data (like automated decryption services) are vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept exists in the referenced CCC talk. Exploitation requires crafting malicious PGP armored data, which could be delivered via email attachments or network services.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GnuPG 2.4.9 or ExtendedLTS 2.2.51 and later

Vendor Advisory: https://gpg.fail/memcpy

Restart Required: Yes

Instructions:

1. Download the latest GnuPG release from https://gnupg.org/download/
2. Verify the package signature
3. Install using your system's package manager or compile from source
4. Restart any services using GnuPG

🔧 Temporary Workarounds

  • Disable PGP armor processing (platform: all): Prevent processing of PGP armored data if it is not required. Command: not applicable, configuration dependent.
  • Input validation (platform: all): Implement strict input validation for PGP data before passing it to GnuPG. Command: not applicable, requires application-level changes.

🧯 If You Can't Patch

  • Isolate GnuPG processes in containers or sandboxes to limit impact
  • Implement network segmentation to restrict access to services using GnuPG

🔍 How to Verify

Check if Vulnerable:

Run 'gpg --version' and check whether the reported version is below 2.4.9 (or below 2.2.51 on the ExtendedLTS 2.2 branch).

Check Version:

gpg --version | head -1

Verify Fix Applied:

After patching, run 'gpg --version' again to confirm the version is 2.4.9 or higher (or 2.2.51 or higher on the ExtendedLTS 2.2 branch).
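The version check above, as an added example that is not part of this advisory or of the GnuPG project: it parses the first line of gpg --version and compares it against 2.4.9 for the 2.4 branch and 2.2.51 for the ExtendedLTS 2.2 branch. Treating 2.3.x and older builds as unfixed, and branches newer than 2.4 as carrying the fix, is an assumption of this script.

```python
"""Check an installed GnuPG against the CVE-2025-68973 fix versions (added example)."""
import re
import subprocess

# Fix thresholds per branch, taken from the advisory text.
FIXED = {
    (2, 2): (2, 2, 51),  # ExtendedLTS branch
    (2, 4): (2, 4, 9),   # mainline branch
}


def parse_version(first_line: str) -> tuple:
    """Extract (major, minor, patch) from a line such as 'gpg (GnuPG) 2.4.7'."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", first_line)
    if not m:
        raise ValueError(f"no version number found in: {first_line!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: tuple) -> bool:
    """True if the version number is below the fix for its branch."""
    major, minor, _ = version
    branch = (major, minor)
    if branch in FIXED:
        return version < FIXED[branch]
    # Assumption: anything older than the 2.4 branch (1.x, 2.0, 2.1, 2.3)
    # predates 2.4.9 and is treated as unfixed.
    if branch < (2, 4):
        return True
    # Assumption: branches newer than 2.4 (e.g. 2.5.x) include the fix.
    return False


def check_installed(gpg: str = "gpg") -> tuple:
    """Run the real binary and return (version_tuple, vulnerable_flag)."""
    out = subprocess.run([gpg, "--version"], capture_output=True,
                         text=True, check=True).stdout
    version = parse_version(out.splitlines()[0])
    return version, is_vulnerable(version)


if __name__ == "__main__":
    v, vuln = check_installed()
    print(".".join(map(str, v)), "VULNERABLE" if vuln else "fixed (by version number)")
```

Distribution packages often backport the fix without changing the upstream version string, so a version below the threshold should be cross-checked against your distribution's security advisory before being reported as vulnerable.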

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or crashes in GnuPG processes
  • Unexpected memory access errors in system logs

Network Indicators:

  • Unusual PGP armored data patterns in network traffic
  • Multiple failed decryption attempts

SIEM Query:

source="*syslog*" AND ("segmentation fault" OR "SIGSEGV") AND process="gpg"
