CVE-2025-9071

Low CVSS: 2.3

Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.

Vendor

Product

CWE

CWE-780

Yayın Tarihi

2025-08-29 10:15:33

Güncelleme

2025-08-29 16:24:29

Source Identifier

vulnerability@ncsc.ch

KEV Date Added

Kategoriler

CWE-780 LOW 2025

Referanslar

https://www.oberon.ch/security-advisories/cve-2025-9071/