CVE-2025-7071

Vulnerability Description

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

Related Weaknesses (CWE)

CWE-208 CWE-327

References

https://www.oberon.ch/security-advisories/cve-2025-7071/

FAQ

What is CVE-2025-7071?

CVE-2025-7071 is a documented vulnerability. Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CB...

How severe is CVE-2025-7071?

CVSS scoring is not yet available for CVE-2025-7071. Check NVD for updates.

Is there a patch for CVE-2025-7071?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.