CVE-2025-13470 — Use of Insufficiently Random Values in RNP
Severity
7.7 HIGH (NVD)
EPSS
0.0%
top 92.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Nov 21
Description
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array.
Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality.
The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption …
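The bug class described above (a key buffer that is zeroed but never filled, with the function still reporting success) next to a fail-closed version and a pre-use guard. This is an added illustration, not RNP's code: every function name and `SESSION_KEY_LEN` are hypothetical, and it assumes a POSIX system with `/dev/urandom`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SESSION_KEY_LEN 32 /* constructed value: AES-256-sized key */

/* Fill buf from the OS CSPRNG; returns 0 on success, -1 on failure. */
static int os_random(uint8_t *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Returns 1 if every byte is zero. No early exit, so timing does not
 * depend on where the first non-zero byte sits. */
int key_is_all_zero(const uint8_t *key, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) acc |= key[i];
    return acc == 0;
}

/* Regressed shape: the buffer is zeroed, the RNG fill is missing,
 * and the caller is still told the key is ready. */
int session_key_regressed(uint8_t *key, size_t len)
{
    memset(key, 0, len);
    return 0;
}

/* Hardened shape: fill from the CSPRNG, fail closed on RNG error
 * or on an all-zero result. */
int session_key_checked(uint8_t *key, size_t len)
{
    memset(key, 0, len);
    if (os_random(key, len) != 0) return -1;
    if (key_is_all_zero(key, len)) return -1;
    return 0;
}

/* Guard at the point of use: returns -1 if the key must not be wrapped
 * into a PKESK packet, 0 if it may be used. */
int pkesk_key_precheck(const uint8_t *key, size_t len)
{
    return (len == 0 || key_is_all_zero(key, len)) ? -1 : 0;
}
```

A unit test that asserts the generated session key is not all-zero, run on every release build, catches this kind of regression before it ships.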
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N