A critical vulnerability in the widely used OpenPGP.js library has been discovered that allows attackers to spoof message signatures, potentially compromising the integrity of encrypted communications across numerous web-based email clients.
The security flaw, tracked as CVE-2025-47934, affects OpenPGP.js versions 5.0.1 through 5.11.2 and 6.0.0-alpha.0 through 6.1.0. The vulnerability enables attackers to manipulate signed messages in a way that causes signature verification functions to return valid results while displaying entirely different content than what was originally signed.
Researchers from Codean Labs, Edoardo Geraci and Thomas Rinsma, discovered that maliciously modified messages passed to openpgp.verify() or openpgp.decrypt() functions can bypass signature verification. The attack works by exploiting how the library parses packet lists in OpenPGP messages.
The vulnerability stems from improper handling of compressed data packets within message structures. Attackers can append a malicious compressed data packet containing arbitrary content to a legitimately signed message. When processed, the library verifies the signature against the original content but returns the attacker's malicious data to the user.
"A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed," according to the security advisory.
Impact and Affected Systems
This vulnerability poses significant risks to applications relying on OpenPGP.js for message integrity verification, including popular encrypted email clients like Proton Mail and Mailvelope. Both inline signed messages and signed-and-encrypted messages are vulnerable to spoofing attacks.
The OpenPGP.js development team has released patches in versions 5.11.3 and 6.1.1. Users are strongly advised to update immediately. For those unable to update, workarounds involve manually extracting and verifying signatures as detached signatures or performing decryption and verification in separate steps.