CVE-2025-5372

04.07.2025, 06:15

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for successthe function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
redhat	CNA	5 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Vendor	Product	Version
libssh	libssh	𝑥 < 0.11.2
redhat	openshift_container_platform	4.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libssh

bullseye (security)	vulnerable
bullseye	postponed
bookworm	no-dsa
bookworm (security)	vulnerable
trixie	0.11.2-1 fixed
forky	0.11.3-1 fixed
sid	0.11.3-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libssh

plucky	Fixed 0.11.1-1ubuntu0.1 released
oracular	Fixed 0.10.6-3ubuntu1.1 released
noble	Fixed 0.10.6-2ubuntu0.1 released
jammy	Fixed 0.9.6-2ubuntu0.22.04.4 released
focal	ignored
bionic	ignored
xenial	ignored

Common Weakness Enumeration

CWE-682 - Incorrect Calculation
The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

References

https://access.redhat.com/security/cve/CVE-2025-5372

https://bugzilla.redhat.com/show_bug.cgi?id=2369388