CVE-2025-7383

Summary

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

Affected Software

VendorProductVersion RangeStatus
Oberon microsystems AGOberon PSA Crypto1.0.0 <= 1.5.0affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy
  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References