CVE-2025-5318

HIGH EPSS 81.9%

Published Jun 24, 20251y ago · Modified Jun 17, 20261w ago

8.1 CVSS 3.1

High

Published Jun 24, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

CVSS Details

Base Score

8.1

Exploitability

2.8

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

81.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 5

Vendor	Product	Version	Range
redhat	openshift_container_platform	4.0	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux	10.0	any
libssh	libssh	*	<0.11.2

References 30

access.redhat.com https://access.redhat.com/errata/RHSA-2025:18231

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:18275

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:18286

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19012

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19098

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19101

Third Party Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19295
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19300
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19313
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19400
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19401
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19470
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19472
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19807
access.redhat.com https://access.redhat.com/errata/RHSA-2025:19864
access.redhat.com https://access.redhat.com/errata/RHSA-2025:20943
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21013
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21329
access.redhat.com https://access.redhat.com/errata/RHSA-2025:21829
access.redhat.com https://access.redhat.com/errata/RHSA-2025:22275
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23078
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23079
access.redhat.com https://access.redhat.com/errata/RHSA-2025:23080
access.redhat.com https://access.redhat.com/errata/RHSA-2026:0326
access.redhat.com https://access.redhat.com/errata/RHSA-2026:1541
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3461
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3462
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-5318

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2369131

Issue TrackingThird Party Advisory
libssh.org https://www.libssh.org/security/advisories/CVE-2025-5318.txt

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.