关键信息 CVE ID: CVE-2025-7071 Title: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto Severity: medium Short Description Padding oracle attack vulnerability in Oberon microsystem AG's ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. Vulnerability ocrypto is vulnerable to a timing side-channel attack on its implementation of PKCS#7 padding removal. Its AES-CBC code (function in file ) is not constant-time: the timing differences between “no padding error” and “padding error” could be used by an attacker that is able to send thousands of ciphertexts as probes. First, the length of the actual message could be determined, and then byte by byte the actual message contents. All clients that use AES-CBC PKCS#7 are affected. Impact Full plaintext recovery. Affected Versions The issue affects all versions of ocrypto from 3.1.0 to 3.9.1 inclusive. Resolution As a partial mitigation, the code was made constant-time in release 3.9.2. Affected clients should upgrade to this version. A full mitigation is outside the scope of ocrypto: it requires clients to validate the integrity of a decrypted message, in an application-specific and constant-time way.