CVE-2025-5318 - Vulnerability Details

A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0012.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Libssh	Libssh
Redhat	Enterprise Linux Openshift Openshift Container Platform Rhel Aus Rhel E4s Rhel Eus Rhel Eus Long Life Rhel Tus

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

Configuration 2 [-]

cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-23900	A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Ubuntu USN	USN-7619-1	libssh vulnerabilities
Ubuntu USN	USN-7696-1	libssh vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2025:18231
https://access.redhat.com/errata/RHSA-2025:18275
https://access.redhat.com/errata/RHSA-2025:18286
https://access.redhat.com/errata/RHSA-2025:19012
https://access.redhat.com/errata/RHSA-2025:19098
https://access.redhat.com/errata/RHSA-2025:19101
https://access.redhat.com/errata/RHSA-2025:19295
https://access.redhat.com/errata/RHSA-2025:19300
https://access.redhat.com/errata/RHSA-2025:19313
https://access.redhat.com/errata/RHSA-2025:19400
https://access.redhat.com/errata/RHSA-2025:19401
https://access.redhat.com/errata/RHSA-2025:19470
https://access.redhat.com/errata/RHSA-2025:19472
https://access.redhat.com/security/cve/CVE-2025-5318
https://bugzilla.redhat.com/show_bug.cgi?id=2369131
https://nvd.nist.gov/vuln/detail/CVE-2025-5318
https://www.cve.org/CVERecord?id=CVE-2025-5318
https://www.libssh.org/security/advisories/CVE-2025-5318.txt

History

Wed, 05 Nov 2025 19:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.19::el9
References		https://access.redhat.com/errata/RHSA-2025:19300

Wed, 05 Nov 2025 13:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.17::el9
References		https://access.redhat.com/errata/RHSA-2025:19313

Wed, 05 Nov 2025 07:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:openshift:4~~	cpe:/a:redhat:openshift:4.20::el9
References		https://access.redhat.com/errata/RHSA-2025:19295

Mon, 03 Nov 2025 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.0::appstream cpe:/o:redhat:rhel_e4s:9.0::baseos
References		https://access.redhat.com/errata/RHSA-2025:19472

Mon, 03 Nov 2025 12:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:9.2::appstream cpe:/o:redhat:rhel_e4s:9.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:19470

Mon, 03 Nov 2025 04:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus Long Life
CPEs		cpe:/a:redhat:rhel_aus:8.4::appstream cpe:/a:redhat:rhel_eus_long_life:8.4::appstream cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products		Redhat rhel Eus Long Life
References		https://access.redhat.com/errata/RHSA-2025:19401

Mon, 03 Nov 2025 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2::appstream cpe:/o:redhat:rhel_aus:8.2::baseos
References		https://access.redhat.com/errata/RHSA-2025:19400

Mon, 27 Oct 2025 08:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_e4s:8.8::appstream cpe:/a:redhat:rhel_tus:8.8::appstream cpe:/o:redhat:rhel_e4s:8.8::baseos cpe:/o:redhat:rhel_tus:8.8::baseos
References		https://access.redhat.com/errata/RHSA-2025:19101

Mon, 27 Oct 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6::appstream cpe:/a:redhat:rhel_e4s:8.6::appstream cpe:/a:redhat:rhel_tus:8.6::appstream cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Tus
References		https://access.redhat.com/errata/RHSA-2025:19098

Thu, 23 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.4::appstream cpe:/o:redhat:rhel_eus:9.4::baseos
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2025:19012

Mon, 20 Oct 2025 08:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/o:redhat:enterprise_linux:8::baseos
References		https://access.redhat.com/errata/RHSA-2025:18286

Fri, 17 Oct 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos
References		https://access.redhat.com/errata/RHSA-2025:18275

Thu, 16 Oct 2025 10:45:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:10~~	cpe:/o:redhat:enterprise_linux:10.0
References		https://access.redhat.com/errata/RHSA-2025:18231

Wed, 08 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:rhivos:1~~
Vendors & Products	Redhat rhivos

Wed, 01 Oct 2025 07:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhivos
CPEs		cpe:/o:redhat:rhivos:1
Vendors & Products		Redhat rhivos

Mon, 22 Sep 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description	A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.	A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.

Thu, 21 Aug 2025 01:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libssh Libssh libssh Redhat openshift Container Platform
CPEs		cpe:2.3:a:libssh:libssh:::::::: cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Libssh Libssh libssh Redhat openshift Container Platform

Wed, 25 Jun 2025 00:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-5318 https://www.cve.org/CVERecord?id=CVE-2025-5318
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 24 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 24 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Title		Libssh: out-of-bounds read in sftp_handle()
First Time appeared		Redhat Redhat enterprise Linux Redhat openshift
Weaknesses		CWE-125
CPEs		cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux Redhat openshift
References		https://access.redhat.com/security/cve/CVE-2025-5318 https://bugzilla.redhat.com/show_bug.cgi?id=2369131 https://www.libssh.org/security/advisories/CVE-2025-5318.txt
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-06-24T14:10:07.188Z

Updated: 2025-11-05T19:37:13.922Z

Reserved: 2025-05-29T07:01:42.703Z

Link: CVE-2025-5318

Vulnrichment

Updated: 2025-06-24T14:29:15.706Z

NVD

Status : Modified

Published: 2025-06-24T14:15:30.523

Modified: 2025-11-05T20:15:35.953

Link: CVE-2025-5318

Redhat

Severity : Moderate

Publid Date: 2025-06-24T00:00:00Z

Links: CVE-2025-5318 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object