A vulnerability (CVE-2025-47934) was discovered in the OpenPGP.js library that allows an attacker to send a modified message which the recipient perceives as verified. Even though the content has been altered, the openpgp.verify and openpgp.decrypt functions report a successful digital signature check. The vulnerability has been fixed in OpenPGP.js versions 5.11.3 and 6.1.1. Only the 5.x and 6.x branches are affected; the 4.x branch is not.
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Developed by the Proton Mail developers, it is used in Proton Mail's encryption as well as in projects such as FlowCrypt, Mymail-Crypt, UDC, ENCRYPT.TO, PGP Anywhere, and Passbolt.
The vulnerability affects the verification of inline signed text (openpgp.verify) and of signed and encrypted messages (openpgp.decrypt). An attacker can take an existing signed message and build a new one from it, tricking vulnerable versions of OpenPGP.js into returning altered content as verified. Detached signatures that are distributed separately from the data are not affected; the issue arises only when the signature is transmitted together with the text in a single data block.
To forge a message while preserving the appearance of a valid signature, an attacker needs only a signed message and knowledge of the original data. Signed and encrypted messages can be tampered with in the same way, fooling the verification performed during decryption.
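Since the fix is a version upgrade, the first thing a defender wants is to know whether an affected build is installed. The following is an added example, not code from the advisory or from the OpenPGP.js project: it encodes the affected ranges stated above (5.x below 5.11.3, 6.x below 6.1.1, 4.x unaffected) and scans a constructed package-lock.json-style "packages" map for vulnerable copies of the openpgp package, including nested ones.

```javascript
// Added example: flag openpgp versions affected by CVE-2025-47934.
// Affected per the advisory: 5.x < 5.11.3 and 6.x < 6.1.1. 4.x is not affected.
const FIXED_IN = { 5: [5, 11, 3], 6: [6, 1, 1] };

// Parse "x.y.z" (optional leading "v", optional prerelease suffix) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic compare of [major, minor, patch]; -1, 0 or 1.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version lies in an affected branch and is below its fix.
function isVulnerable(version) {
  const v = parseVersion(version);
  const fixed = FIXED_IN[v[0]];
  if (!fixed) return false; // 4.x and other majors are not affected
  return compareVersions(v, fixed) < 0;
}

// Walk a lockfile "packages" map and report every affected openpgp install.
function findVulnerableOpenpgp(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/openpgp$/.test(path)) continue;
    if (isVulnerable(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (hypothetical paths, not a real project).
const sampleLock = { packages: {
  "node_modules/openpgp": { version: "6.1.0" },
  "node_modules/some-dep/node_modules/openpgp": { version: "5.11.3" },
  "node_modules/old-dep/node_modules/openpgp": { version: "4.10.10" },
}};

console.log(findVulnerableOpenpgp(sampleLock));
```

In a real project, replace sampleLock with `JSON.parse(fs.readFileSync('package-lock.json'))`.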