CVE-2025-24904 is a vulnerability in libsignal-service‑rs, a Rust implementation of the libsignal‑service‑java library used for communicating with Signal servers. Before the fix, the library did not properly verify plaintext content envelopes, which allowed a server or a malicious client to inject these envelopes. This flaw could have bypassed end‑to‑end encryption and authentication mechanisms. The issue…

Continue Reading