FKIE_CVE-2025-5318

Vulnerability from fkie_nvd - Published: 2025-06-24 14:15 - Updated: 2025-12-05 19:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:18231Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:18275Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:18286Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19012Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19098Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19101Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19295
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19300
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19313
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19400
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19401
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19470
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19472
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19807
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:19864
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:20943
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:21013
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:21329
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:21829
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2025:22275
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2025-5318Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2369131Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://www.libssh.org/security/advisories/CVE-2025-5318.txtVendor Advisory
Impacted products
Vendor Product Version
redhat openshift_container_platform 4.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
libssh libssh *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E05F605-6E29-4F09-96DF-A1E1B29D0C3C",
              "versionEndExcluding": "0.11.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en la librer\u00eda libssh. Una lectura fuera de los l\u00edmites puede activarse en la funci\u00f3n sftp_handle debido a una comprobaci\u00f3n de comparaci\u00f3n incorrecta que permite que la funci\u00f3n acceda a memoria m\u00e1s all\u00e1 de la lista de manejadores v\u00e1lidos y devuelva un puntero no v\u00e1lido, que se utiliza en el procesamiento posterior. Esta vulnerabilidad permite que un atacante remoto autenticado lea regiones de memoria no deseadas, exponiendo informaci\u00f3n confidencial o afectando el comportamiento del servicio."
    }
  ],
  "id": "CVE-2025-5318",
  "lastModified": "2025-12-05T19:15:48.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-06-24T14:15:30.523",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:18231"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:18275"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:18286"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:19012"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:19098"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2025:19101"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19295"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19300"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19313"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19400"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19401"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19470"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19472"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19807"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:19864"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:20943"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:21013"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:21329"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:21829"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2025:22275"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2025-5318"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.