Padding oracle attack vulnerability in Oberon microsystem... · CVE-2025-7383 · GitHub Advisory Database · GitHub

Padding oracle attack vulnerability in Oberon microsystem...

Moderate severity Unreviewed Published Aug 29, 2025 to the GitHub Advisory Database • Updated Aug 29, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.

References

Published by the National Vulnerability Database

Aug 29, 2025

Published to the GitHub Advisory Database Aug 29, 2025

Last updated Aug 29, 2025

Severity

Moderate

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Local

Attack Complexity High

Attack Requirements Present

Privileges Required None

User interaction None

Vulnerable System Impact Metrics

Confidentiality High

Integrity None

Availability None

Subsequent System Impact Metrics

Confidentiality None

Integrity None

Availability None

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X