Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in...

5.9 / 10

MEDIUM

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

Basic Information

ID CVE-2025-7071

Source NCSC.ch

Published Aug 29, 2025 at 09:18

Affected Product

Vendor Oberon microsystems AG

Product ocrypto

Version 3.1.0

Affected Versions Oberon microsystems AG ocrypto 3.1.0

CWE Classification

CWE-208 CWE-327

References

www.oberon.ch /security-advisories/cve-2025-7071/

{
    "lastseen": "",
    "description": "Padding oracle attack vulnerability in Oberon microsystem AG\u2019s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.",
    "published": "2025-08-29T09:18:06.911Z",
    "modified": "2025-08-29T09:18:06.911Z",
    "type": "cve",
    "title": "Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library",
    "source": "NCSC.ch",
    "references": "https://www.oberon.ch/security-advisories/cve-2025-7071/",
    "id": "CVE-2025-7071",
    "bulletinFamily": "",
    "cwe": [
        "CWE-208",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "Oberon microsystems AG ocrypto 3.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ocrypto",
    "version": "3.1.0",
    "vendor": "Oberon microsystems AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library_CVE-2025-7071