Padding Oracle Attack Vulnerability in Oberon PSA Crypto Library from Oberon Microsystems
CVE-2025-7383

5.9 MEDIUM

Key Information:

Vendor
CVE Published: 29 August 2025

What is CVE-2025-7383?

The Oberon PSA Crypto library, developed by Oberon Microsystems, is vulnerable to a padding oracle attack in all versions from 1.0.0 up to, but not including, 1.5.1. An attacker who can take timing measurements during AES-CBC PKCS#7 decrypt operations can use them as a padding oracle, potentially recovering sensitive plaintext data. The issue underlines the need for robust security practices and timely updates to guard against data breaches stemming from cryptographic vulnerabilities.
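To show how a PKCS#7 padding check can produce the timing signal described above, here is an added example that is not Oberon's code or its fix: an early-exit check beside a constant-time one. The function names are hypothetical, and the example assumes the timing difference comes from padding validation, which the advisory does not detail.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK 16u /* AES block size in bytes */

/* Early-exit check: run time depends on where the first bad padding byte
 * sits, which is the timing signal a padding oracle needs.
 * Returns the plaintext length, or -1 for invalid padding. */
int unpad_leaky(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    uint8_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = 1; i <= pad; i++)
        if (buf[len - i] != pad) return -1; /* data-dependent exit */
    return (int)(len - pad);
}

/* 0xFF if a < b, else 0x00, with no branch (valid for a, b < 2^31). */
static uint8_t ct_lt(uint32_t a, uint32_t b)
{
    return (uint8_t)(0u - ((a - b) >> 31));
}

/* Same result, but always reads all 16 bytes of the last block and folds
 * every check into one mask, so the work done does not depend on the
 * padding contents. The ciphertext length is public, so branching on it
 * is fine. Inspect the compiled output: optimizers can add branches. */
int unpad_ct(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLOCK != 0) return -1;
    uint32_t pad = buf[len - 1];
    uint8_t bad = ct_lt(pad, 1) | ct_lt(BLOCK, pad); /* pad outside 1..16 */
    for (uint32_t i = 0; i < BLOCK; i++) {
        uint8_t in_pad = ct_lt(i, pad); /* 0xFF for the last `pad` bytes */
        bad |= (uint8_t)(in_pad & (buf[len - 1 - i] ^ pad));
    }
    return bad ? -1 : (int)(len - pad); /* single exit for every failure */
}

int main(void)
{
    uint8_t blk[16] = {0}; /* constructed sample: 12 data bytes + 04 x4 */
    blk[12] = blk[13] = blk[14] = blk[15] = 4;
    printf("leaky=%d ct=%d\n", unpad_leaky(blk, 16), unpad_ct(blk, 16));
    return 0;
}
```

Constant-time unpadding removes only the timing difference in the padding check; CBC ciphertext still needs an integrity check before it is decrypted.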

Affected Version(s)

Oberon PSA Crypto 1.0.0 <= 1.5.0

CVSS V4

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
