CVE-2025-7071— Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-7071
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library
Source: NVD (National Vulnerability Database)
Vulnerability Description
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Oberon microsystem AG ocrypto library 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Oberon microsystem AG ocrypto library是瑞士Oberon公司的一个加密软件库。 Oberon microsystem AG ocrypto library 3.1.0至3.9.2之前版本存在安全漏洞,该漏洞源于AES-CBC PKCS#7解密操作存在填充预言攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Oberon microsystems AG | ocrypto | 3.1.0 ~ 3.9.1 | - |
II. Public POCs for CVE-2025-7071
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-7071
请登录查看更多情报信息。
Same Patch Batch · Oberon microsystems AG · 2025-08-29 · 3 CVEs total
| CVE-2025-7383 | Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA | |
| CVE-2025-9071 | Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto |
IV. Related Vulnerabilities
Same weakness: CWE-208
- CVE-2026-41588
RELATE: Timing Attack Vulnerability in course/auth.py — chec - CVE-2026-41161
Username Enumeration via Timing Attack - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-41407
OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret C
V. Comments for CVE-2025-7071
No comments yet