
CVE-2025-9071: CWE-780 Use of RSA Algorithm without OAEP in Oberon microsystems AG Oberon PSA Crypto

Severity: Low
Tags: Vulnerability, CVE-2025-9071, CWE-780
Published: Fri Aug 29 2025 (08/29/2025, 09:19:59 UTC)
Source: CVE Database V5
Vendor/Project: Oberon microsystems AG
Product: Oberon PSA Crypto

Description

Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.

AI-Powered Analysis

Last updated: 08/29/2025, 09:47:47 UTC

Technical Analysis

CVE-2025-9071 is a cryptographic implementation flaw in the Oberon PSA Crypto library from Oberon microsystems AG. It affects all versions up to and including 1.5.1 (the CVE record names version 1.0.0 explicitly). The library implements RSA-OAEP encryption, but when padding a message it uses an all-zero seed in place of the random bytes it has generated for that purpose.

RSA-OAEP (Optimal Asymmetric Encryption Padding, PKCS #1 v2.x) exists precisely to turn the deterministic RSA permutation into a randomized encryption scheme: a fresh seed of hash-length bytes is drawn for every encryption, masks the padded message through MGF1, and is itself masked by the result, so that encrypting the same plaintext twice under the same public key yields unrelated ciphertexts. With a constant all-zero seed the encoded message depends only on the plaintext, and because the RSA operation itself is deterministic, so does the ciphertext. Three consequences follow. First, anyone who observes ciphertexts can tell when the same message is sent again. Second, anyone holding the public key can recover a plaintext drawn from a small or guessable space by encrypting each candidate with the zero seed and comparing the result against the observed ciphertext, at the cost of one public-key operation per guess. Third, the security proof of RSA-OAEP assumes a uniformly random seed and no longer applies. The defect is silent from the application's point of view: an all-zero seed is a syntactically valid seed, so decryption keeps succeeding and no integrity or availability failure draws attention to it.

The weakness is classified as CWE-780 (Use of RSA Algorithm without OAEP): the scheme is nominally OAEP, but without its randomness it offers no more protection against these attacks than unpadded RSA would. The CVSS 4.0 base score is 2.3 (Low), reflecting high attack complexity, no privileges required, user interaction required, limited confidentiality impact and no impact on integrity or availability. No exploitation in the wild had been reported at the time of publication. Exposure is confined to systems that use Oberon PSA Crypto for RSA-OAEP encryption and to attackers who can observe the resulting ciphertexts; the attack is passive, not a code-execution or memory-corruption flaw, which is why it is easy to overlook.

Potential Impact

For European organizations using Oberon PSA Crypto, the vulnerability threatens the confidentiality of data encrypted directly with RSA-OAEP in two ways: an observer can recognize when a message is repeated, and an observer with the public key can recover any plaintext that comes from a space small enough to enumerate (short commands, PINs, account identifiers, fixed-format tokens). Where RSA-OAEP is used only to wrap a freshly generated random symmetric key, as in hybrid encryption, the wrapped plaintext is neither repeated nor guessable and the practical exposure is much smaller; the security proof is still lost, so the library should still be updated. Sectors handling personal data, financial transactions or intellectual property are most affected, since recognizing message patterns or recovering short plaintexts can have regulatory and reputational consequences under GDPR and related frameworks.

The CVSS 4.0 score of 2.3 reflects high attack complexity and required user interaction, so the immediate risk is low, and no exploitation in the wild has been reported. The risk does not depend on attacker sophistication, however: the encrypt-and-compare attack is trivial once ciphertexts are available, so what matters is whether ciphertexts are exposed (logged, stored in shared systems, sent over untrusted networks) and whether the plaintexts are guessable. Integrity and availability are unaffected, so operational disruption is unlikely, but the weakness may erode trust in affected products and complicate compliance with standards that mandate strong encryption practices.

Mitigation Recommendations

Organizations should upgrade Oberon PSA Crypto to a release newer than 1.5.1 that contains the fix; the CVE record covers every version up to and including 1.5.1, and the vendor's release notes should be consulted for the fixed version. The root cause is inside the library's padding routine, so no configuration change can remove it. Until the upgrade is deployed, inventory every call path that performs RSA-OAEP encryption with the library (under the PSA Crypto API the library implements, psa_asymmetric_encrypt() with a PSA_ALG_RSA_OAEP(hash) algorithm) and classify the plaintexts: application data encrypted directly (short messages, tokens, identifiers) is at risk, whereas randomly generated symmetric keys wrapped with RSA-OAEP are neither guessable nor repeated.

Verify the fix empirically rather than by version string alone: encrypt the same plaintext twice under the same public key and confirm that the two ciphertexts differ. With the defect present they are byte-for-byte identical. Keep this as a regression test. Assume that any guessable plaintext already encrypted with an affected version and exposed to third parties may be recoverable; re-encrypting it after the upgrade protects future copies but not those already captured, so rotate the underlying secrets where that is possible.

If the library cannot be updated promptly, substitute a cryptographic library whose RSA-OAEP draws a fresh random seed, or move direct RSA encryption of application data to a hybrid scheme (RSA-OAEP wrapping a random symmetric key, with the data under an authenticated cipher such as AES-GCM), which removes the guessable-plaintext and repeated-message problems. Follow Oberon microsystems AG's advisories for the fixed release and guidance from the assigning authority, NCSC.ch.
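The two effects described in the analysis above (repeated messages become recognizable, and guessable messages become recoverable with nothing but the public key) and the regression check recommended here can be reproduced with the following Python. It is added for this page and is not code from Oberon PSA Crypto or from the CVE record. It implements RSAES-OAEP as specified in RFC 8017 over a textbook RSA key it generates itself, with the seed source as a parameter so that an all-zero seed can be swapped in for the random one; the key size, the plaintext, the attacker's candidate list and all function names are constructed for the example.

```python
# Added illustration, not Oberon PSA Crypto code: RSAES-OAEP (RFC 8017) with a
# pluggable seed source, so the effect of an all-zero OAEP seed can be observed.
import hashlib
import os
import random

HASH = hashlib.sha256
HLEN = HASH().digest_size

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 (RFC 8017, B.2.1): concatenated H(seed || counter) blocks."""
    out = b""
    for counter in range((length + HLEN - 1) // HLEN):
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg: bytes, k: int, seed: bytes, label: bytes = b"") -> bytes:
    """EME-OAEP encoding (RFC 8017, 7.1.1). Nothing here can tell a zero seed from a random one."""
    if len(msg) > k - 2 * HLEN - 2 or len(seed) != HLEN:
        raise ValueError("message too long or bad seed length")
    db = HASH(label).digest() + b"\x00" * (k - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP decoding (RFC 8017, 7.1.2). Not constant-time; illustration only."""
    if len(em) != k or em[0] != 0:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    idx = db.find(b"\x01", HLEN)  # separator after lHash and the zero padding string
    if db[:HLEN] != HASH(label).digest() or idx < 0 or any(db[HLEN:idx]):
        raise ValueError("decryption error")
    return db[idx + 1:]

def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin; adequate for an example key, not a vetted key generator."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    r = ((n - 1) & (1 - n)).bit_length() - 1  # number of trailing zero bits of n-1
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa_key(bits: int, rng: random.Random):
    """Textbook RSA key ((n, e), (n, d)). The seeded rng only makes the example reproducible."""
    def prime(nbits):
        while True:
            cand = rng.getrandbits(nbits) | (1 << (nbits - 1)) | 1
            if is_probable_prime(cand, rng):
                return cand
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_oaep_encrypt(pub, msg: bytes, seed_source=os.urandom) -> bytes:
    """RSAES-OAEP; seed_source(n) must return n fresh random bytes."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    em = oaep_encode(msg, k, seed_source(HLEN))
    return pow(int.from_bytes(em, "big"), e, n).to_bytes(k, "big")

def rsa_oaep_decrypt(priv, ct: bytes) -> bytes:
    n, d = priv
    k = (n.bit_length() + 7) // 8
    return oaep_decode(pow(int.from_bytes(ct, "big"), d, n).to_bytes(k, "big"), k)

def zero_seed(length: int) -> bytes:
    return bytes(length)  # the CVE-2025-9071 defect class: zeros instead of the generated random bytes

def demonstrate(rng_seed: int = 2025) -> dict:
    pub, priv = gen_rsa_key(1024, random.Random(rng_seed))
    msg = b"TRANSFER 100 EUR"  # constructed low-entropy plaintext
    guesses = [b"TRANSFER 10 EUR", b"TRANSFER 100 EUR", b"TRANSFER 1000 EUR"]  # constructed list
    ct_bug = [rsa_oaep_encrypt(pub, msg, zero_seed) for _ in range(2)]
    ct_ok = [rsa_oaep_encrypt(pub, msg) for _ in range(2)]
    def guess(ct):  # passive attacker: public key only, encrypt each guess with the zero seed
        return next((g for g in guesses if rsa_oaep_encrypt(pub, g, zero_seed) == ct), None)
    return {
        "bug_repeat_visible": ct_bug[0] == ct_bug[1],  # True: identical ciphertexts
        "ok_repeat_visible": ct_ok[0] == ct_ok[1],     # False: fresh seed each call
        "bug_guessed": guess(ct_bug[0]),               # b"TRANSFER 100 EUR"
        "ok_guessed": guess(ct_ok[0]),                 # None
        "bug_still_decrypts": rsa_oaep_decrypt(priv, ct_bug[0]) == msg,  # True: the bug is silent
    }
```

Calling demonstrate() returns the five results so they can be asserted in a test; the "bug_still_decrypts" entry is the reason the defect went unnoticed, since the decrypting side sees nothing wrong. The same check, two encryptions of one plaintext under one key compared for equality, is what to run against a deployed build of the real library through its own API.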


Technical Details

Data Version
5.1
Assigner Short Name
NCSC.ch
Date Reserved
2025-08-15T14:58:36.635Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68b173c0ad5a09ad00763f3d

Added to database: 8/29/2025, 9:32:48 AM

Last enriched: 8/29/2025, 9:47:47 AM

Last updated: 8/29/2025, 10:36:29 AM


