CVE-2025-7383
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-08-29

Assigner: Switzerland Government Common Vulnerability Program

Description
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-7383
EUVD
EUVD-2025-26194
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oberon_microsystem_ag oberon_psa_crypto *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
CWE-327 The product uses a broken or risky cryptographic algorithm or protocol.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-7383 is a timing side-channel vulnerability in Oberon microsystem AG's Oberon PSA Crypto library affecting AES-CBC decryption with PKCS#7 padding. The vulnerability arises because the padding removal process is not implemented in constant time, causing measurable timing differences between correct and incorrect padding during decryption. An attacker who can send many ciphertext probes can exploit these timing differences to perform a padding oracle attack, allowing them to determine the exact length of the plaintext and recover the plaintext byte-by-byte. [1]

Impact Analysis

This vulnerability can lead to full plaintext recovery by an attacker. If you use the affected versions of Oberon PSA Crypto library (from 1.0.0 up to 1.5.0) with AES-CBC and PKCS#7 padding, an attacker capable of sending thousands of ciphertext probes can exploit timing differences to decrypt sensitive data without authorization. [1]

Detection Guidance

This vulnerability can be detected by observing timing differences in AES-CBC PKCS#7 decryption operations in Oberon PSA Crypto library versions 1.0.0 to 1.5.0. Detection involves sending multiple ciphertext probes and measuring the timing variations during decryption to identify if the padding removal is not constant-time. Specific commands are not provided in the resources, but detection would typically require custom scripts or tools that measure decryption timing differences when interacting with the vulnerable library. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the Oberon PSA Crypto library to version 1.5.1 or later, where the padding removal code has been made constant-time to partially mitigate the timing side-channel attack. Additionally, clients should implement application-specific, constant-time integrity validation of decrypted messages to fully mitigate the risk, as this is beyond the scope of the library itself. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7383. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart