Abstract: Cryptanalysis of the certificateless verifiable signcryption scheme proposed by Zhou Min et al shows that the scheme has the following security flaws: the scheme can’t resist indistinguishability under the chosen ciphertext attack; the adversary can forge a valid signcryption ciphertext for any message of any user under public key replacement attacks; the malicious KGC can forge the ciphertext for any message and can also decrypt any ciphertext; the scheme is not forward-secure because the encryption key does not contain a random number