Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 29 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 09:30:00 +0000

Type Values Removed Values Added
Description Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Title Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto
Weaknesses CWE-780
References
Metrics cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/RE:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published:

Updated: 2025-08-29T13:45:42.363Z

Reserved: 2025-08-15T14:58:36.635Z

Link: CVE-2025-9071

cve-icon Vulnrichment

Updated: 2025-08-29T13:45:33.657Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T10:15:33.020

Modified: 2025-08-29T16:24:29.730

Link: CVE-2025-9071

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.