CVE-2025-5372

MEDIUM

Libssh <3.0 - Uninitialized Key Buffer

Title source: llm

Description

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

References (4)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:21977

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:23024

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2025-5372

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2369388

Scores

CVSS v3 5.0

EPSS 0.0031

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-682

Status published

Products (14)

libssh/libssh < 0.11.2 (2 CPE variants)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:0.9.6-16.el8_10

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions 0:0.9.6-3.el9_0.2

Red Hat/Red Hat OpenShift Container Platform 4

redhat/enterprise_linux 6.0

redhat/enterprise_linux 7.0

... and 4 more

Published Jul 04, 2025

Tracked Since Feb 18, 2026