CVE-2025-9071

Summary

Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.

Affected Software

VendorProductVersion RangeStatus
Oberon microsystems AGOberon PSA Crypto1.0.0 <= 1.5.1affected

Weaknesses

  • CWE-780: CWE-780 Use of RSA Algorithm without OEAP

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References