CVE-2025-7071

Medium CVSS: 5.9

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

Vendor

Product

CWE

CWE-208

Yayın Tarihi

2025-08-29 10:15:32

Güncelleme

2025-08-29 16:24:29

Source Identifier

vulnerability@ncsc.ch

KEV Date Added

Kategoriler

CWE-208 MEDIUM 2025

Referanslar

https://www.oberon.ch/security-advisories/cve-2025-7071/