CVE-2025-5372
Severity
8.8HIGH
EPSS
0.1%
top 72.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 4
Latest updateApr 6
Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confide…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4
Affected Packages3 packages
Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0, Openshift Container Platform 4.0