CVE-2025-7383 in PSA Cryptoinfo

Summary

by MITRE • 08/29/2025

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 08/29/2025

The vulnerability identified as CVE-2025-7383 represents a critical padding oracle attack flaw within the Oberon PSA Crypto library developed by Oberon microsystem AG. This weakness affects all versions from 1.0.0 through 1.5.0, creating a significant security risk for any system utilizing this cryptographic library for AES-CBC encryption operations. The vulnerability stems from improper handling of padding validation during decryption processes, specifically within the PKCS#7 padding scheme implementation. Attackers can exploit this flaw by measuring timing differences in decryption operations to systematically determine the plaintext content without possessing the cryptographic key.

The technical implementation of this vulnerability resides in the cryptographic library's response to invalid padding conditions during AES-CBC decryption. When the library processes ciphertext encrypted with AES-CBC mode and PKCS#7 padding, it provides different timing responses for valid and invalid padding scenarios. This timing variation creates a side-channel attack vector that allows adversaries to perform statistical analysis and iterative decryption attempts. The attacker can submit modified ciphertexts and observe response times to infer information about the padding validity, ultimately reconstructing the original plaintext through repeated measurements and mathematical analysis.

From an operational perspective, this vulnerability poses severe risks to systems relying on the Oberon PSA Crypto library for secure communications and data protection. Applications that utilize this library for encryption operations including secure messaging, database encryption, or authentication protocols become vulnerable to plaintext recovery attacks. The impact extends beyond simple data confidentiality breaches as attackers could potentially reconstruct sensitive information such as user credentials, session tokens, or proprietary data. The vulnerability affects the fundamental security guarantees of the encryption scheme, undermining the integrity of cryptographic operations and potentially enabling further attacks such as man-in-the-middle or replay attacks.

The vulnerability aligns with CWE-129 and CWE-310 categories, specifically addressing weaknesses in input validation and cryptographic implementation. It also maps to ATT&CK technique T1552.004 for unsecured credentials and T1071.004 for application layer protocol traffic. Organizations should immediately implement the vendor-provided patch version 1.5.1 to address this vulnerability. Additional mitigations include monitoring for unusual timing variations in cryptographic operations, implementing rate limiting for decryption requests, and considering alternative cryptographic implementations if immediate patching is not feasible. Security teams should also conduct comprehensive vulnerability assessments to identify all systems utilizing this library and ensure proper remediation across the entire infrastructure.

Responsible

NCSC.ch

Reservation

07/09/2025

Disclosure

08/29/2025

Moderation

accepted

CPE

ready

EPSS

0.00083

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!