CVE-2025-7383
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: Switzerland Government Common Vulnerability Program
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oberon_microsystem_ag | oberon_psa_crypto | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
| CWE-327 | The product uses a broken or risky cryptographic algorithm or protocol. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7383 is a timing side-channel vulnerability in Oberon microsystem AG's Oberon PSA Crypto library affecting AES-CBC decryption with PKCS#7 padding. The vulnerability arises because the padding removal process is not implemented in constant time, causing measurable timing differences between correct and incorrect padding during decryption. An attacker who can send many ciphertext probes can exploit these timing differences to perform a padding oracle attack, allowing them to determine the exact length of the plaintext and recover the plaintext byte-by-byte. [1]
How can this vulnerability impact me? :
This vulnerability can lead to full plaintext recovery by an attacker. If you use the affected versions of Oberon PSA Crypto library (from 1.0.0 up to 1.5.0) with AES-CBC and PKCS#7 padding, an attacker capable of sending thousands of ciphertext probes can exploit timing differences to decrypt sensitive data without authorization. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing timing differences in AES-CBC PKCS#7 decryption operations in Oberon PSA Crypto library versions 1.0.0 to 1.5.0. Detection involves sending multiple ciphertext probes and measuring the timing variations during decryption to identify if the padding removal is not constant-time. Specific commands are not provided in the resources, but detection would typically require custom scripts or tools that measure decryption timing differences when interacting with the vulnerable library. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade the Oberon PSA Crypto library to version 1.5.1 or later, where the padding removal code has been made constant-time to partially mitigate the timing side-channel attack. Additionally, clients should implement application-specific, constant-time integrity validation of decrypted messages to fully mitigate the risk, as this is beyond the scope of the library itself. [1]