CVE-2025-5318

CWE-125 โ€” Out-of-bounds Read14 documents9 sources
Severity
8.1HIGH
EPSS
0.1%
top 70.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Libssh LibsshRedhat Enterprise LinuxRedhat Openshift Container Platform
Timeline
PublishedJun 24
Latest updateJan 15

Description

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

โ–ถNVDlibssh/libssh< 0.11.2
โ–ถDebianlibssh< 0.9.8-0+deb11u2+3

Also affects: Enterprise Linux 10.0, 8.0, 9.0, Openshift Container Platform 4.0

๐Ÿ”ดVulnerability Details

5
OSV
libssh vulnerabilitiesโ†—2025-08-14
โ–ถ
OSV
libssh vulnerabilitiesโ†—2025-07-07
โ–ถ
GHSA
GHSA-98qw-prqm-9f4p: A flaw was found in the libssh libraryโ†—2025-06-26
โ–ถ
CVEList
Libssh: out-of-bounds read in sftp_handle()โ†—2025-06-24
โ–ถ
OSV
CVE-2025-5318: A flaw was found in the libssh library in versions less than 0โ†—2025-06-24
โ–ถ

๐Ÿ“‹Vendor Advisories

7
Oracle
Oracle Oracle Communications Risk Matrix: Security (libssh) โ€” CVE-2025-5318โ†—2026-01-15
โ–ถ
Oracle
Oracle Oracle Communications Applications Risk Matrix: Security (libssh) โ€” CVE-2025-5318โ†—2025-10-15
โ–ถ
Ubuntu
libssh vulnerabilitiesโ†—2025-08-14
โ–ถ
Ubuntu
libssh vulnerabilitiesโ†—2025-07-07
โ–ถ
Red Hat
libssh: out-of-bounds read in sftp_handle()โ†—2025-06-24
โ–ถ