CVE-2025-67897 is a vulnerability identified in the Sequoia OpenPGP library, specifically in versions prior to 2.1.0. The root cause is a signed to unsigned conversion error (CWE-195) within the aes_key_unwrap function. This function is responsible for decrypting wrapped AES keys during the processing of encrypted messages. When the function receives a ciphertext that is shorter than expected, it triggers a panic, causing the application to crash. The vulnerability can be exploited remotely by an attacker who sends a crafted encrypted message containing a malformed PKESK (Public-Key Encrypted Session Key) or SKESK (Symmetric-Key Encrypted Session Key) packet. Exploitation does not require prior authentication but does require the victim to process the malicious message, implying some user interaction. The impact is a denial-of-service (DoS) condition, affecting the availability of the application or service relying on Sequoia for cryptographic operations. There is no indication that confidentiality or integrity of data is compromised. No public exploits have been reported to date. The CVSS v3.1 base score is 5.3, reflecting medium severity due to network attack vector, high attack complexity, no privileges required, and user interaction needed. The vulnerability highlights the importance of robust input validation and error handling in cryptographic libraries to prevent crashes from malformed inputs.

For European organizations, the primary impact of CVE-2025-67897 is the potential for denial-of-service attacks against applications using the Sequoia OpenPGP library for encryption and decryption tasks. This could disrupt secure communications, automated email processing, or any service relying on OpenPGP for confidentiality. While the vulnerability does not expose sensitive data or allow unauthorized data modification, service interruptions can affect business continuity, especially in sectors where encrypted messaging is critical, such as finance, government, and healthcare. Organizations with automated systems that process encrypted messages without strict input validation are particularly at risk. The requirement for user interaction to trigger the vulnerability somewhat limits large-scale automated exploitation but targeted attacks against high-value users remain plausible. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. The medium severity rating suggests organizations should address the issue promptly to avoid service degradation and maintain trust in cryptographic protections.

1. Upgrade Sequoia to version 2.1.0 or later where this vulnerability is fixed. 2. Implement strict input validation on all encrypted messages before processing, ensuring ciphertext lengths meet expected minimums to prevent triggering the panic. 3. Enhance error handling in applications using Sequoia to gracefully handle malformed or unexpected encrypted packets without crashing. 4. Employ application-layer filtering to detect and block suspicious encrypted messages with malformed PKESK or SKESK packets. 5. Educate users and administrators about the risk of processing unsolicited encrypted messages from unknown sources. 6. Monitor application logs for crashes or panic events related to aes_key_unwrap failures to detect potential exploitation attempts. 7. Consider deploying runtime protections such as process isolation or containerization to limit the impact of crashes on critical services. 8. Coordinate with incident response teams to prepare for potential denial-of-service incidents linked to this vulnerability.