Deterministic RSA Vulnerability in Oberon PSA Crypto Library
CVE-2025-9071

2.3 LOW

Key Information:

Vendor
CVE Published:
29 August 2025

What is CVE-2025-9071?

The Oberon PSA Crypto library has a security flaw that arises from the use of an all-zero seed for RSA-OAEP padding in all versions up to 1.5.1. OAEP depends on a fresh random seed for every encryption to make RSA encryption probabilistic; with a fixed seed, the same message encrypted under the same key always yields the same ciphertext. This flaw leads to deterministic RSA operations, jeopardizing message confidentiality and allowing for potential exposure of guessable messages. Additionally, this vulnerability enables the recognition of repeated messages, undermining the security principles intended to protect data integrity. Users are encouraged to review their implementations and apply recommended measures to mitigate risks associated with this vulnerability.
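The effect of the seed described above can be reproduced with a stand-alone EME-OAEP encoder (RFC 8017); this is an added example, not code from the Oberon PSA Crypto library. SHA-256 with MGF1, the 2048-bit modulus size and all function names are assumptions made for illustration.

```python
import hashlib
import os

HLEN = hashlib.sha256().digest_size  # 32 bytes
K = 256  # modulus length in bytes (2048-bit key), constructed parameter

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function (RFC 8017, B.2.1) with SHA-256."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg: bytes, k: int, seed: bytes, label: bytes = b"") -> bytes:
    """EME-OAEP encoding (RFC 8017, 7.1.1 step 2) for a k-byte modulus."""
    if len(seed) != HLEN:
        raise ValueError("seed must be hLen bytes")
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    ps = b"\x00" * (k - len(msg) - 2 * HLEN - 2)
    db = hashlib.sha256(label).digest() + ps + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    # The RSA public operation applied to this block is a deterministic
    # function, so equal encoded blocks give equal ciphertexts.
    return b"\x00" + masked_seed + masked_db

def encode_zero_seed(msg: bytes) -> bytes:
    """Behaviour the advisory describes: the seed is always all zeros."""
    return oaep_encode(msg, K, bytes(HLEN))

def encode_fresh_seed(msg: bytes) -> bytes:
    """Behaviour RFC 8017 specifies: a new random seed per encryption."""
    return oaep_encode(msg, K, os.urandom(HLEN))

def is_deterministic(encode, msg: bytes, trials: int = 4) -> bool:
    """True if repeated encodings of the same message are all identical."""
    return len({encode(msg) for _ in range(trials)}) == 1

if __name__ == "__main__":
    sample = b"unlock"  # constructed sample message
    print("all-zero seed deterministic:", is_deterministic(encode_zero_seed, sample))
    print("fresh seed deterministic:   ", is_deterministic(encode_fresh_seed, sample))
```

The same repeated-encryption comparison, run against a device's RSA-OAEP encrypt call, works as a regression check that an updated library draws a fresh seed for each operation.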

Affected Version(s)

Oberon PSA Crypto 1.0.0 <= 1.5.1

References

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nordic Semiconductor ASA