In WPA2-PSK, the traffic is encrypted under a key that is derived from the PSK and from some values that are exchanged in the clear during the initial handshake between the device and the router.
(There is no public-key crypto involved in this stage; it is all symmetric-key crypto.) Consequently, an eavesdropper who has captured the entire network trace and who knows the PSK can re-derive the decryption key and then decrypt all of the traffic.
Alternatively, if the attacker has not captured the initial handshake, the attacker can force the device to disassociate and re-associate. (The disassociate command is not authenticated, and thus can be spoofed by the attacker.) This will now let the eavesdropper capture the initial handshake when the device re-associates and decrypt all subsequent traffic, if the eavesdropper knows the PSK.