Abstract:
As the sole NIST-standardized quantum-resistant key encapsulation mechanism, CRYSTALS-Kyber demands rigorous scrutiny of its side-channel countermeasures. However, the side-channel security of the message decoding module in masked CRYSTALS-Kyber has received little attention. In this paper, we seek to address this gap. First, we conduct a side-channel security evaluation of the first-order masked message decoding function in mkm4 of CRYSTALS-Kyber, finding that an incremental storage vulnerability still exists. Then, we carry out a practical experiment on a Cortex-M4 CPU using the sum-of-squared difference method, with message recovery reaching an accuracy of 90.6% and secret key recovery reaching 77.2%. Furthermore, we show theoretically that masking of any order cannot effectively protect the message decoding function; it only raises the attack difficulty to a limited extent. We also propose a countermeasure: emulating the data behavior of a dual-rail pre-charge logic circuit at the software level, which can effectively ensure the implementation security of CRYSTALS-Kyber.
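As an added illustration of two points in the abstract, the incremental storage leak in message packing and the software dual-rail countermeasure, the following C code (written for this page, not taken from the paper or from mkm4) puts a reference-style packing loop beside an assumed dual-rail encoding, in which each message bit b is stored as the pair (b, b^1) after the accumulator is pre-charged to zero, and checks that every stored byte keeps a constant Hamming weight. The encoding and the constructed coefficient vector are this example's assumptions, not the paper's construction.

```c
#include <stdint.h>
#include <string.h>
#define KYBER_N 256
/* Message decoding of one coefficient c in [0, 3329): round(2c/q) mod 2, in the
 * constant-time multiply/shift form used by the reference implementation. */
uint8_t decode_bit(int16_t c) {
    uint32_t t = (uint32_t)c;
    t <<= 1; t += 1665; t *= 80635; t >>= 28;
    return (uint8_t)(t & 1);
}
int hw8(uint8_t x) { int n = 0; for (; x; x >>= 1) n += x & 1; return n; }

/* Reference-style packing: msg[i] |= bit << j. The partial byte's Hamming
 * weight is the number of 1-bits stored so far, so every incremental store
 * depends on the message (the incremental storage problem). */
void pack_standard(const int16_t *coeffs, uint8_t msg[KYBER_N / 8]) {
    memset(msg, 0, KYBER_N / 8);
    for (int i = 0; i < KYBER_N / 8; i++)
        for (int j = 0; j < 8; j++)
            msg[i] |= (uint8_t)(decode_bit(coeffs[8 * i + j]) << j);
}

/* Dual-rail emulation (assumed encoding): bit b is stored as the pair (b, b^1)
 * after pre-charging the accumulator to 0. Each pair has weight 1, so the
 * partial byte's weight after j stores is j for any message, and every
 * finished byte has weight exactly 4. Costs 2x storage: 64 bytes, not 32. */
void pack_dual_rail(const int16_t *coeffs, uint8_t dr[KYBER_N / 4]) {
    for (int i = 0; i < KYBER_N / 4; i++) {
        uint8_t acc = 0;                                   /* pre-charge */
        for (int j = 0; j < 4; j++) {
            uint8_t b = decode_bit(coeffs[4 * i + j]);
            acc |= (uint8_t)(((b << 1) | (b ^ 1)) << (2 * j));
        }
        dr[i] = acc;
    }
}

/* 1 if every dual-rail byte has weight 4 and its "b" rail matches the plain
 * packing bit for bit; run on a constructed, deterministic coefficient vector. */
int demo_check(void) {
    int16_t coeffs[KYBER_N];
    uint8_t msg[KYBER_N / 8], dr[KYBER_N / 4];
    for (int k = 0; k < KYBER_N; k++) coeffs[k] = (int16_t)((k * 1103 + 7) % 3329);
    pack_standard(coeffs, msg);
    pack_dual_rail(coeffs, dr);
    for (int i = 0; i < KYBER_N / 4; i++) if (hw8(dr[i]) != 4) return 0;
    for (int k = 0; k < KYBER_N; k++)
        if (((dr[k / 4] >> (2 * (k % 4) + 1)) & 1) != ((msg[k / 8] >> (k % 8)) & 1))
            return 0;
    return 1;
}
```

Equal Hamming weight of the stored values is only the first-order goal of the countermeasure; whether it removes the leakage on a given Cortex-M4 depends on the device's leakage model (register and bus transitions, not just stored weight), which the paper measures and this example does not.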
Published in: IEEE Transactions on Information Forensics and Security (Early Access)