CVE-2025-13470: CWE-330 Use of Insufficiently Random Values in Ribose RNP
In RNP version 0.18.0 a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release can be decrypted trivially by supplying an all-zero session key, fully compromising confidentiality. The vulnerability affects only public-key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected. Root cause: the session key buffer used in PKESK packet generation is never randomized. The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a`, where the initialization logic inside `encrypted_build_skesk()` randomized the key only on the SKESK path and omitted it on the PKESK path.
AI Analysis
Technical Summary
CVE-2025-13470 is a cryptographic vulnerability identified in Ribose RNP version 0.18.0, a widely used OpenPGP implementation. The issue stems from a refactoring regression introduced in commit 7bd9a8dc356aae756b40755be76d36205b6b161a, where the symmetric session key buffer used for Public-Key Encrypted Session Key (PKESK) packets was left uninitialized except for zeroing. Specifically, the initialization logic that randomized the session key was applied only to the passphrase-based encryption path (SKESK) but omitted for the PKESK path. As a result, the session key used in PKESK packets is always an all-zero byte array. This critical flaw allows any data encrypted using public-key encryption in RNP 0.18.0 to be decrypted trivially by an attacker who supplies the all-zero session key, completely breaking the confidentiality guarantees of the encryption. The vulnerability does not affect passphrase-based encryption (SKESK packets), limiting the scope to public-key encrypted data. The CVSS 4.0 score is 7.7 (high severity), reflecting the network attack vector, no required privileges or user interaction, and a high impact on confidentiality. No known exploits have been reported in the wild yet, but the vulnerability is straightforward to exploit given the static session key. This defect compromises the fundamental security of encrypted communications relying on RNP 0.18.0's public-key encryption, potentially exposing sensitive data to unauthorized parties.
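The regression described above, modelled in C++ as an added example (this is not RNP's code; `build_session_key_regressed`, `build_session_key_fixed`, `fill_random` and `session_key_is_degenerate` are hypothetical names, and `/dev/urandom` stands in for the library's own RNG). The regressed model zeroes the buffer on both paths but only randomizes it on the SKESK branch; the fixed model randomizes before either packet type is built; the guard is the kind of cheap check a unit test or release gate can run so that an all-zero session key never reaches a PKESK packet again.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed helper: fills buf from the OS CSPRNG so the model runs stand-alone.
// RNP uses its own RNG wrapper; the source is not the point of the example.
static bool fill_random(std::vector<uint8_t> &buf) {
    FILE *f = std::fopen("/dev/urandom", "rb");
    if (!f) return false;
    size_t got = std::fread(buf.data(), 1, buf.size(), f);
    std::fclose(f);
    return got == buf.size();
}

// Model of the regressed logic: the key buffer is zeroed for both paths, but
// only the SKESK (passphrase) branch ever writes random bytes into it.
std::vector<uint8_t> build_session_key_regressed(bool skesk_path, size_t len) {
    std::vector<uint8_t> key(len, 0);
    if (skesk_path) {
        fill_random(key); // PKESK callers skip this: key stays 0x00..00
    }
    return key;
}

// Fixed model: the key receives entropy regardless of which packet type
// will carry it. An RNG failure yields an empty key the caller must reject.
std::vector<uint8_t> build_session_key_fixed(bool skesk_path, size_t len) {
    (void)skesk_path; // the path no longer decides whether the key is random
    std::vector<uint8_t> key(len, 0);
    if (!fill_random(key)) key.clear();
    return key;
}

// Defensive guard: reject an empty key or one made of a single repeated byte
// (the all-zero key of CVE-2025-13470 is the obvious case). Run it after
// key generation and in the test suite so a regression like this fails CI.
bool session_key_is_degenerate(const std::vector<uint8_t> &key) {
    if (key.empty()) return true;
    for (uint8_t b : key) {
        if (b != key[0]) return false;
    }
    return true;
}
```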
Potential Impact
For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive communications and data protected using Ribose RNP 0.18.0 public-key encryption. Sectors such as government agencies, financial institutions, healthcare providers, and critical infrastructure operators that rely on OpenPGP encryption for secure email, document exchange, or key management could face data breaches if attackers exploit this flaw. The trivial decryptability of encrypted data means that intercepted communications or stored encrypted files can be compromised without complex cryptanalysis. This undermines trust in encrypted communications and may lead to regulatory non-compliance under GDPR and other data protection laws, resulting in legal and financial repercussions. Additionally, espionage or cybercrime groups could leverage this vulnerability to gain access to confidential information. The lack of required authentication or user interaction increases the attack surface, making remote exploitation feasible. Although no exploits are currently known in the wild, the vulnerability’s simplicity and severity necessitate urgent attention to prevent potential incidents.
Mitigation Recommendations
European organizations should immediately audit their use of Ribose RNP to identify deployments of version 0.18.0. Until a patched version is released, they should avoid using RNP 0.18.0 for public-key encryption tasks and revert to a previous secure version or alternative OpenPGP implementations. If public-key encryption is essential, switching to passphrase-based encryption (SKESK packets) temporarily can mitigate exposure since it is unaffected. Organizations should monitor Ribose’s official channels for patches and apply updates promptly once available. Additionally, they should implement network-level controls to detect and block suspicious traffic that may attempt to exploit this vulnerability. Encrypting sensitive data with multiple layers or alternative cryptographic tools can provide defense in depth. Regularly reviewing cryptographic libraries and enforcing strict version control policies will help prevent similar regressions. Finally, organizations should conduct security awareness training to highlight the importance of timely patching and cryptographic hygiene.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: Ribose
- Date Reserved: 2025-11-20T08:36:59.270Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6920a035e2e82c338511ca88
Added to database: 11/21/2025, 5:24:05 PM
Last enriched: 11/21/2025, 5:24:19 PM
Last updated: 11/21/2025, 6:24:23 PM