Critical Vulnerability in OpenPGP.js Allows Message Signature Forgery

A critical vulnerability in OpenPGP.js, listed under the number CVE-2025-47934, allows attackers to forge message signatures. This vulnerability affects the verification of message signatures in OpenPGP.js, an open-source JavaScript library that implements the OpenPGP standard for email and data encryption. Updates have been released to fix this flaw.