CVE-2025-7071 is a medium-severity vulnerability affecting Oberon microsystems AG's ocrypto library versions from 3.1.0 up to but not including 3.9.2. The vulnerability arises from a padding oracle attack vector due to observable timing discrepancies during AES-CBC PKCS#7 decryption operations. Specifically, the ocrypto library's implementation of AES-CBC mode with PKCS#7 padding leaks timing information that can be measured by an attacker. This leakage allows the attacker to infer whether the padding of a decrypted ciphertext is correct or not, enabling them to gradually recover plaintext data without needing any authentication or user interaction. The vulnerability is classified under CWE-208 (Observable Timing Discrepancy) and CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), indicating that the cryptographic implementation is flawed in a way that leaks sensitive information through timing side channels. The CVSS 4.0 score is 5.9 (medium), with an attack vector of local (AV:L), high attack complexity (AC:H), partial attack type (AT:P), no privileges required (PR:N), and no user interaction (UI:N). The vulnerability does not affect confidentiality, integrity, or availability directly in a broad scope but specifically compromises confidentiality of plaintext data processed by the vulnerable cryptographic library. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was published on August 29, 2025, and was assigned by NCSC.ch. The flaw is significant because AES-CBC with PKCS#7 padding is a common cryptographic scheme, and ocrypto is used in security-sensitive applications. Exploitation requires local access to the system or environment where the vulnerable library is used, as the attack vector is local, and the attack complexity is high due to the need for precise timing measurements and repeated decryption attempts.

For European organizations, this vulnerability poses a risk primarily to applications and systems that rely on the ocrypto library for cryptographic operations, particularly those using AES-CBC with PKCS#7 padding. The confidentiality of sensitive data such as encryption keys, personal data, or proprietary information could be compromised if an attacker gains local access to the affected systems. This could lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and loss of trust. Since the attack requires local access and has high complexity, remote exploitation is unlikely, reducing the risk of widespread automated attacks. However, insider threats or attackers who have already gained some foothold could leverage this vulnerability to escalate data exposure. The impact on integrity and availability is minimal, but confidentiality breaches in cryptographic contexts can have cascading effects on overall security posture. Organizations in sectors with high security requirements, such as finance, healthcare, and critical infrastructure, may face increased risks if they use vulnerable versions of ocrypto. The lack of patches at the time of publication necessitates immediate risk assessment and mitigation planning.

1. Immediate upgrade: Organizations should prioritize upgrading the ocrypto library to version 3.9.2 or later, where this vulnerability is fixed. 2. Access control: Restrict local access to systems running vulnerable versions of ocrypto to trusted personnel only, minimizing the risk of local exploitation. 3. Monitoring and detection: Implement monitoring for unusual local access patterns and timing-based side-channel attack attempts, although detection may be challenging. 4. Cryptographic review: Evaluate the use of AES-CBC with PKCS#7 padding in applications and consider migrating to more secure modes like AES-GCM or AES-CTR with authenticated encryption to eliminate padding oracle risks. 5. Code audit: Conduct a thorough security review of cryptographic implementations to identify and remediate timing side channels. 6. Incident response readiness: Prepare to respond to potential data exposure incidents by having data breach response plans aligned with GDPR and other regulations. 7. Vendor engagement: Engage with Oberon microsystems AG for official patches and security advisories and subscribe to their security mailing lists for updates.