{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5372","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-05-30T11:22:02.534Z","datePublished":"2025-07-04T06:01:27.954Z","dateUpdated":"2026-04-07T08:30:28.136Z"},"containers":{"cna":{"title":"Libssh: incorrect return code handling in ssh_kdf() in libssh","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability."}],"affected":[{"vendor":"libssh","product":"libssh","versions":[{"status":"affected","version":"0","lessThan":"0.11.2","versionType":"semver"}],"packageName":"libssh","collectionURL":"https://git.libssh.org/projects/libssh.git","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh","defaultStatus":"affected","versions":[{"version":"0:0.9.6-16.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh","defaultStatus":"affected","versions":[{"version":"0:0.9.6-16.el8_10","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream","cpe:/o:redhat:enterprise_linux:8::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh","defaultStatus":"affected","versions":[{"version":"0:0.9.6-3.el9_0.2","lessThan":"*","versionType":"rpm","status":"unaffected"}],"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream","cpe:/o:redhat:rhel_e4s:9.0::baseos"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh","defaultStatus":"unaffected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh2","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh2","defaultStatus":"unknown","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"libssh","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2025:21977","name":"RHSA-2025:21977","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/errata/RHSA-2025:23024","name":"RHSA-2025:23024","tags":["vendor-advisory","x_refsource_REDHAT"]},{"url":"https://access.redhat.com/security/cve/CVE-2025-5372","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2369388","name":"RHBZ#2369388","tags":["issue-tracking","x_refsource_REDHAT"]}],"datePublic":"2025-06-24T00:00:00.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-682","description":"Incorrect Calculation","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-682: Incorrect Calculation","workarounds":[{"lang":"en","value":"To mitigate this issue, administrators should ensure that libssh is built against OpenSSL version 3.0 or later. This change eliminates the return code mismatch and prevents the erroneous use of uninitialized key material. It is also strongly recommended to apply vendor supplied patches or update to the latest libssh security release as soon as possible."}],"timeline":[{"lang":"en","time":"2025-05-30T11:26:05.731Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-06-24T00:00:00.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-04-07T08:30:28.136Z"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-08T14:08:57.301926Z","id":"CVE-2025-5372","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-08T14:09:04.669Z"}}]}}