CVE-2025-5372

MEDIUM

Libssh <3.0 - Uninitialized Key Buffer

Title source: llm

Description

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

References (7)

Core 7

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:24349

https://access.redhat.com/errata/RHSA-2026:24349

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:25911

https://access.redhat.com/errata/RHSA-2026:25911

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:21977

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2025:23024

Vendor Advisory vendor-advisory x_refsource_redhat

RHSA-2026:20610

https://access.redhat.com/errata/RHSA-2026:20610

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2025-5372

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2369388

Scores

CVSS v3 5.0

EPSS 0.0041

EPSS Percentile 32.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-682

Status published

Products (20)

libssh/libssh < 0.11.2 (2 CPE variants)

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8 0:0.9.6-16.el8_10

Red Hat/Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support 0:0.9.4-2.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On 0:0.9.4-2.el8_4.2

Red Hat/Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support 0:0.9.6-4.el8_6.2

Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On 0:0.9.6-4.el8_6.2

Red Hat/Red Hat Enterprise Linux 8.8 Telecommunications Update Service 0:0.9.6-13.el8_8.2

... and 10 more

Published Jul 04, 2025

Tracked Since Feb 18, 2026