Low severity3.6NVD Advisory· Published Jul 22, 2025· Updated May 6, 2026

CVE-2025-4878

Description

A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2025-4878nvd
bugzilla.redhat.com/show_bug.cginvd
git.libssh.org/projects/libssh.git/commit/nvd
git.libssh.org/projects/libssh.git/commit/nvd
www.libssh.org/security/advisories/CVE-2025-4878.txtnvd

News mentions

No linked articles in our index yet.

cvss	0.234
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000