<ul><li>A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, allows attackers to spoof message signatures.</li><li>OpenPGP.js is an open-source JavaScript library used for email and data encryption.</li><li>Vulnerability affects versions 5.0.1 to 5.11.2 and 6.0.0 to 6.1.0, enabling attackers to craft misleading messages.</li><li>The issue is patched in versions 5.11.3 and 6.1.1, with manual signature checks available as workarounds.</li></ul>

A critical flaw in OpenPGP.js lets attackers spoof message signatures

Discover more