CVE-2025-7071 MEDIUM

CVE-2025-7071: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library

Vendor Oberon Microsystems Ag
Product ocrypto
Weakness CWE-208
Published August 29, 2025
Last update August 29, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

A padding oracle vulnerability in Oberon microsystems AG’s ocrypto library, in all versions since 3.1.0 and prior to 3.9.2, allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
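The record does not say where in ocrypto the timing difference arises, so the following is an added illustration of this weakness class (CWE-208 in PKCS#7 padding validation), not ocrypto's code or its 3.9.2 fix. All function names are hypothetical, the test blocks are constructed, and the constant-time behaviour assumes the compiler does not turn the mask arithmetic back into branches.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16u  /* AES block size in bytes */

/* Contrast case: returns at the first bad byte, so run time depends on plaintext. */
int pkcs7_unpad_leaky(const uint8_t *b, size_t len, size_t *out)
{
    if (len == 0 || len % BLK) return -1;
    uint8_t pad = b[len - 1];
    if (pad == 0 || pad > BLK) return -1;
    for (size_t i = 0; i < pad; i++)
        if (b[len - 1 - i] != pad) return -1;
    *out = len - pad;
    return 0;
}

/* Hardened: always scans the whole last block; no branch on plaintext bytes. */
int pkcs7_unpad_ct(const uint8_t *b, size_t len, size_t *out)
{
    if (len == 0 || len % BLK) return -1;            /* length is public */
    uint32_t pad = b[len - 1];
    uint32_t bad = ((pad - 1u) >> 31) | ((BLK - pad) >> 31); /* pad==0 or >16 */
    for (uint32_t i = 0; i < BLK; i++) {
        uint32_t in_pad = 0u - ((i - pad) >> 31);    /* all-ones when i < pad */
        bad |= (b[len - 1 - i] ^ pad) & in_pad;
    }
    uint32_t ok = ((bad | (0u - bad)) >> 31) ^ 1u;   /* 1 iff bad == 0 */
    *out = len - (pad & (0u - ok));                  /* unchanged on failure */
    return (int)ok - 1;                              /* 0 valid, -1 invalid */
}

/* Constructed cases (last 3 bytes of one block); returns number of mismatches. */
int selftest_mismatches(void)
{
    struct { uint8_t tail[3]; int want; size_t n; } t[] = {
        {{0x41, 0x41, 0x01}, 0, 15}, {{0x41, 0x02, 0x02}, 0, 14},
        {{0x41, 0x03, 0x02}, -1, 16}, {{0x41, 0x41, 0x00}, -1, 16},
        {{0x41, 0x41, 0x11}, -1, 16} };
    int miss = 0;
    for (size_t k = 0; k < sizeof t / sizeof t[0]; k++) {
        uint8_t blk[BLK]; size_t a = BLK, c = BLK;
        memset(blk, 0x41, BLK);
        memcpy(blk + BLK - 3, t[k].tail, 3);
        int ra = pkcs7_unpad_leaky(blk, BLK, &a), rb = pkcs7_unpad_ct(blk, BLK, &c);
        miss += (ra != t[k].want) + (rb != t[k].want) + (a != t[k].n) + (c != t[k].n);
    }
    return miss;
}
int main(void) { return selftest_mismatches(); }
```

A constant-time unpad only helps if the caller handles the failure result just as uniformly; authenticating the ciphertext before CBC decryption removes the padding oracle altogether.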

Key dates

02 Disclosure timeline

August 29, 2025 CVE published
August 29, 2025 Record updated