CVE-2025-7071

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

CVSS

No CVSS.

References

Link	Resource
https://www.oberon.ch/security-advisories/cve-2025-7071/

Configurations

No configuration.

History

29 Aug 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-29 10:15

Updated : 2025-08-29 16:24

NVD link : CVE-2025-7071

Mitre link : CVE-2025-7071

CVE.ORG link : CVE-2025-7071

JSON object : View

Products Affected

No product.

CWE

CWE-208

Observable Timing Discrepancy

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2025-7071", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-29T10:15:32.630", "references": [{"url": "https://www.oberon.ch/security-advisories/cve-2025-7071/", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-208"}, {"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "Padding oracle attack vulnerability in Oberon microsystem AG\u2019s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations."}], "lastModified": "2025-08-29T16:24:29.730", "sourceIdentifier": "vulnerability@ncsc.ch"}

CVE-2025-7071

JSON object

Attach tags to CVE-2025-7071

Attach tags to `CVE-2025-7071`