Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Published: 2025-07-04
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential compromise of SSH session confidentiality, integrity, and availability.
Action: Patch ASAP
AI Analysis

Impact

A flaw in libssh's key derivation function, triggered when built with OpenSSL before version 3.0, causes the library to misinterpret success and failure codes. When key derivation fails, the function returns a success status, allowing an SSH session to proceed with uninitialized key material. This reuse of invalid keys can undermine the encryption used by the session, leading to confidentiality, integrity, and availability problems for the affected SSH connections. The weakness is a classic incorrect error handling flaw, mapped to CWE-682.

Affected Systems

This vulnerability applies to any system that ships an older build of libssh linked to OpenSSL below 3.0. Red Hat Enterprise Linux 6, 7, 8, 9, 10, as well as the 9.0 Update Services for SAP Solutions, are all affected. Red Hat OpenShift Container Platform 4 also contains the vulnerable libssh component, and standalone libssh libraries distributed with older OpenSSL versions are impacted as well.

Risk and Exploitability

The CVSS score of 5.0 indicates medium severity. The EPSS score of less than 1% suggests a very low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw lies at the core of SSH key establishment, a remote attacker able to manipulate the key exchange could potentially hijack or downgrade sessions. The attack vector is inferred to be remote, involving malicious SSH clients or servers that trigger the mis‑handled key derivation. Systems using the affected library remain vulnerable until patched or rebuilt against a recent OpenSSL.

Generated by OpenCVE AI on April 28, 2026 at 01:12 UTC.

Remediation

Vendor Workaround

To mitigate this issue, administrators should ensure that libssh is built against OpenSSL version 3.0 or later. This change eliminates the return code mismatch and prevents the erroneous use of uninitialized key material. It is also strongly recommended to apply vendor supplied patches or update to the latest libssh security release as soon as possible.

OpenCVE Recommended Actions

  • Apply the Red Hat errata RHSA-2025:21977 and RHSA-2025:23024 (or the equivalent vendor patch) to update libssh.
  • Ensure libssh is built against OpenSSL 3.0 or later; if the distribution package still links to an older OpenSSL, rebuild the library accordingly.
  • Restart all SSH services after updating or rebuilding the library so the corrected key‑derivation logic is loaded.

Generated by OpenCVE AI on April 28, 2026 at 01:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4385-1 libssh security update
EUVD EUVD EUVD-2025-19931 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Ubuntu USN Ubuntu USN USN-7619-1 libssh vulnerabilities
History

Wed, 10 Dec 2025 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 24 Nov 2025 21:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/o:redhat:enterprise_linux:8::baseos
References

Fri, 22 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Libssh
Libssh libssh
Redhat openshift Container Platform
CPEs cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products Libssh
Libssh libssh
Redhat openshift Container Platform

Tue, 08 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 04 Jul 2025 12:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 04 Jul 2025 06:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability.
Title Libssh: incorrect return code handling in ssh_kdf() in libssh
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Weaknesses CWE-682
CPEs cpe:/a:redhat:openshift:4
cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}

Subscriptions

Libssh Libssh
Redhat Enterprise Linux Openshift Openshift Container Platform Rhel E4s
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-07T08:30:28.136Z

Reserved: 2025-05-30T11:22:02.534Z

Link: CVE-2025-5372

cve-icon Vulnrichment

Updated: 2025-07-08T14:09:00.664Z

cve-icon NVD

Status : Modified

Published: 2025-07-04T06:15:24.930

Modified: 2025-12-10T19:16:14.643

Link: CVE-2025-5372

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-06-24T00:00:00Z

Links: CVE-2025-5372 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:15:15Z

Weaknesses