
Description

A padding oracle vulnerability in Oberon microsystems AG’s ocrypto library, in all versions from 3.1.0 up to but not including 3.9.2, allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decryption operations.

Status: Published | Reserved 2025-07-04 | Published 2025-08-29 | Updated 2025-08-29 | Assigner: NCSC.ch

Severity: MEDIUM 5.9 (CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-208 Observable Timing Discrepancy

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

Product status

Default status: unaffected

3.1.0 and later, prior to 3.9.2: affected

References

www.oberon.ch/security-advisories/cve-2025-7071/

cve.org (CVE-2025-7071)

nvd.nist.gov (CVE-2025-7071)
