Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
History

Fri, 29 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 09:30:00 +0000

Type Values Removed Values Added
Description Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Title Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library
Weaknesses CWE-208
CWE-327
References
Metrics cvssV4_0

{'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2025-08-29T13:46:14.471Z

Reserved: 2025-07-09T09:43:45.575Z

Link: CVE-2025-7383

cve-icon Vulnrichment

Updated: 2025-08-29T13:46:09.230Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T10:15:32.873

Modified: 2025-08-29T16:24:29.730

Link: CVE-2025-7383

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.