Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in...

5.9 / 10

MEDIUM

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

Basic Information

ID CVE-2025-7383

Source NCSC.ch

Published Aug 29, 2025 at 09:19

Affected Product

Vendor Oberon microsystems AG

Product Oberon PSA Crypto

Version 1.0.0

Affected Versions Oberon microsystems AG Oberon PSA Crypto 1.0.0

CWE Classification

CWE-208 CWE-327

References

www.oberon.ch /security-advisories/cve-2025-7383/

{
    "lastseen": "",
    "description": "Padding oracle attack vulnerability in Oberon microsystem AG\u2019s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.",
    "published": "2025-08-29T09:19:01.638Z",
    "modified": "2025-08-29T09:19:01.638Z",
    "type": "cve",
    "title": "Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library",
    "source": "NCSC.ch",
    "references": "https://www.oberon.ch/security-advisories/cve-2025-7383/",
    "id": "CVE-2025-7383",
    "bulletinFamily": "",
    "cwe": [
        "CWE-208",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "Oberon microsystems AG Oberon PSA Crypto 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Oberon PSA Crypto",
    "version": "1.0.0",
    "vendor": "Oberon microsystems AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library_CVE-2025-7383