Unrated severityNVD Advisory· Published Jul 4, 2025· Updated Jan 8, 2026

Libssh: double free vulnerability in libssh key export functions

CVE-2025-5351

Description

A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.

Affected products

Red Hat/Red Hat OpenShift Container Platform 4v5
cpe:/a:redhat:openshift:4
Red Hat/Red Hat Enterprise Linux 10v5
cpe:/o:redhat:enterprise_linux:10
Red Hat/Red Hat Enterprise Linux 6v5
cpe:/o:redhat:enterprise_linux:6
Red Hat/Red Hat Enterprise Linux 7v5
cpe:/o:redhat:enterprise_linux:7
Red Hat/Red Hat Enterprise Linux 8v5
cpe:/o:redhat:enterprise_linux:8
Red Hat/Red Hat Enterprise Linux 9v5
cpe:/o:redhat:enterprise_linux:9
Libssh/Libsshv5
Range: 0.10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2025-5351mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000