关键信息 CVE ID: CVE-2025-7383 Title: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto Severity: medium Short Description Padding oracle attack vulnerability in Oberon microsystem AG's Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations. Vulnerability Oberon PSA Crypto is vulnerable to a timing side-channel attack on its implementation of PKCS#7 padding removal. Its AES-CBC code (function in file and a corresponding driver function in ) is not constant-time: the timing differences between "no padding error" and "padding error" could be used by an attacker that is able to send thousands of ciphertexts as probes. First, the length of the actual message could be determined, and then byte by byte the actual message contents. All clients that use AES-CBC PKCS#7 are affected. Impact Full plaintext recovery. Affected Versions The issue affects all versions of Oberon PSA Crypto from 1.0.0 to 1.5.0 inclusive. Resolution As a partial mitigation, the code was made constant-time in release 1.5.1. Affected clients should upgrade to this version. A full mitigation is outside the scope of Oberon PSA Crypto: it requires clients to validate the integrity of a decrypted message, in an application-specific and constant-time way.