CVE-2025-5318

EUVD-2025-23900
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
redhatCNA
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
redhatopenshift_container_platform
4.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
libsshlibssh
𝑥
< 0.11.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libssh
bookworm
0.10.6-0+deb12u2
fixed
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
0.9.8-0+deb11u2
fixed
forky
0.11.3-1
fixed
sid
0.11.3-1
fixed
trixie
0.11.2-1+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libssh
bionic
Fixed 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm4
released
focal
Fixed 0.9.3-2ubuntu2.5+esm1
released
jammy
Fixed 0.9.6-2ubuntu0.22.04.4
released
noble
Fixed 0.10.6-2ubuntu0.1
released
oracular
Fixed 0.10.6-3ubuntu1.1
released
plucky
Fixed 0.11.1-1ubuntu0.1
released
xenial
Fixed 0.6.3-4.3ubuntu0.6+esm2
released
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2025:18231
https://access.redhat.com/errata/RHSA-2025:18275
https://access.redhat.com/errata/RHSA-2025:18286
https://access.redhat.com/errata/RHSA-2025:19012
https://access.redhat.com/errata/RHSA-2025:19098
https://access.redhat.com/errata/RHSA-2025:19101
https://access.redhat.com/errata/RHSA-2025:19295
https://access.redhat.com/errata/RHSA-2025:19300
https://access.redhat.com/errata/RHSA-2025:19313
https://access.redhat.com/errata/RHSA-2025:19400
https://access.redhat.com/errata/RHSA-2025:19401
https://access.redhat.com/errata/RHSA-2025:19470
https://access.redhat.com/errata/RHSA-2025:19472
https://access.redhat.com/errata/RHSA-2025:19807
https://access.redhat.com/errata/RHSA-2025:19864
https://access.redhat.com/errata/RHSA-2025:20943
https://access.redhat.com/errata/RHSA-2025:21013
https://access.redhat.com/errata/RHSA-2025:21329
https://access.redhat.com/errata/RHSA-2025:21829
https://access.redhat.com/errata/RHSA-2025:22275
https://access.redhat.com/errata/RHSA-2025:23078
https://access.redhat.com/errata/RHSA-2025:23079
https://access.redhat.com/errata/RHSA-2025:23080
https://access.redhat.com/errata/RHSA-2026:0326
https://access.redhat.com/errata/RHSA-2026:1541
https://access.redhat.com/security/cve/CVE-2025-5318
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
https://www.libssh.org/security/advisories/CVE-2025-5318.txt