Home > Vulnerability Database > CVE-2025-67897

Mend.io Vulnerability Database

CVE-2025-67897

Good to know:

Date: December 14, 2025

In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

Severity Score

5.3

Related Resources (8)

Url: https://bugs.debian.org/1122582

Url: https://gitlab.com/sequoia-pgp/sequoia

Url: https://gitlab.com/sequoia-pgp/sequoia/-/blob/b59886e5e7bdf7169ed330f309a6633d131776e5/openpgp/NEWS#L7-L26

Url: https://crates.io/crates/sequoia-openpgp

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-67897

Url: https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5

Url: https://rustsec.org/advisories/RUSTSEC-2025-0136.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-67897

Severity Score

5.3

Weakness Type (CWE)

Signed to Unsigned Conversion Error

CWE-195

Top Fix

Upgrade Version

Upgrade to version sequoia-openpgp - 2.1.0;https://gitlab.com/sequoia-pgp/sequoia.git - openpgp/v2.1.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-67897

Good to know:

Date: December 14, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?