CVE-2025-14821

EUVD-2025-209270

07.04.2026, 17:16

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an insecure default configuration on Windows systems where the library automatically loads configuration files from the C:\etc directory, which can be created and modified by unprivileged local users.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 2%

Affected Products (NVD)

Vendor	Product	Version
libssh	libssh	𝑥 < 0.12.0
redhat	hardened_images	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libssh

bookworm	0.10.6-0+deb12u2 fixed
bookworm (security)	0.10.6-0+deb12u1 fixed
bullseye	0.9.8-0+deb11u1 fixed
bullseye (security)	0.9.8-0+deb11u2 fixed
forky	0.12.0-3 fixed
sid	0.12.0-3 fixed
trixie	0.11.2-1+deb13u1 fixed

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References

https://access.redhat.com/errata/RHSA-2026:7067

https://access.redhat.com/security/cve/CVE-2025-14821

https://bugzilla.redhat.com/show_bug.cgi?id=2423148

https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/