Padding Oracle Attack Vulnerability in Oberon Microsystems AG’s ocrypto Library
CVE-2025-7071

5.9MEDIUM

Key Information:

Vendor: Oberon Microsystems Ag
Status: Ocrypto
Vendor: CVE Published:; 29 August 2025

🔔 Create Oberon Microsystems Ag Vulnerability Alert

What is CVE-2025-7071?

The ocrypto library developed by Oberon Microsystems AG is susceptible to a padding oracle attack across various versions. This vulnerability allows attackers to exploit timing discrepancies in the AES-CBC PKCS#7 decryption process, enabling them to reconstruct plaintexts. Versions from 3.1.0 to 3.9.1 are particularly at risk, highlighting the need for immediate remediation to prevent unauthorized data access.

Affected Version(s)

ocrypto 3.1.0 <= 3.9.1

References

https://www.oberon.ch/security-advisories/cve-2025-7071/

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Jul 4, 2025