Unrated severity · NVD Advisory · Published Jul 4, 2025 · Updated Apr 7, 2026
Libssh: incorrect return code handling in ssh_kdf() in libssh
CVE-2025-5372
Description
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Because the two libraries interpret return values differently (OpenSSL uses 0 to indicate failure, while libssh uses 0 for success), the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising the confidentiality, integrity, and availability of SSH sessions.
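The return-convention mismatch the description names is easiest to see in code. The block below is an added illustration written for this page, not libssh's or OpenSSL's code: kdf_openssl_style() is a constructed stand-in that follows OpenSSL's 1 = success / 0 = failure convention, derive_key_buggy() is a hypothetical wrapper that tests that code against libssh's "negative means error" rule and so reports SSH_OK on a failed derivation, and derive_key_fixed() translates the convention explicitly at the boundary and zeroes the buffer on failure so no unset key material is handed back. The names SSH_OK and SSH_ERROR follow libssh's public status codes; everything else is an assumption made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* libssh-style status codes (0 = success, negative = error). */
#define SSH_OK     0
#define SSH_ERROR (-1)

/* Constructed stand-in for an OpenSSL-style KDF primitive: returns 1 on
 * success and 0 on failure, as OpenSSL does. The "derivation" is a toy
 * XOR-fold for illustration only; it is not OpenSSL's or libssh's code. */
int kdf_openssl_style(const uint8_t *secret, size_t secret_len,
                      uint8_t *out, size_t out_len)
{
    if (secret == NULL || secret_len == 0 || out == NULL || out_len == 0)
        return 0;                             /* failure (OpenSSL convention) */
    for (size_t i = 0; i < out_len; i++)
        out[i] = (uint8_t)(secret[i % secret_len] ^ (uint8_t)i);
    return 1;                                 /* success (OpenSSL convention) */
}

/* Hypothetical wrapper in the shape the advisory describes (not libssh's
 * actual ssh_kdf()): it checks the OpenSSL-style code against libssh's
 * "negative means error" rule, so a failed derivation (0) passes as SSH_OK
 * and the caller proceeds with whatever bytes were already in the buffer. */
int derive_key_buggy(const uint8_t *secret, size_t secret_len,
                     uint8_t *out, size_t out_len)
{
    int rc = kdf_openssl_style(secret, secret_len, out, out_len);
    if (rc < 0)           /* BUG: never true; 0 (OpenSSL failure) falls through */
        return SSH_ERROR;
    return SSH_OK;
}

/* Corrected wrapper: translate the convention explicitly at the boundary and
 * leave no stale key bytes behind when the derivation fails. */
int derive_key_fixed(const uint8_t *secret, size_t secret_len,
                     uint8_t *out, size_t out_len)
{
    int rc = kdf_openssl_style(secret, secret_len, out, out_len);
    if (rc != 1) {
        if (out != NULL)
            memset(out, 0, out_len);          /* never hand back unset key material */
        return SSH_ERROR;
    }
    return SSH_OK;
}

/* Probes: drive each wrapper through the failure path with a key buffer
 * pre-filled with a sentinel (0xAA) and report what the caller would see. */
int failure_rc_buggy(void)
{
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);
    return derive_key_buggy(NULL, 0, key, sizeof key);
}

int failure_rc_fixed(void)
{
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);
    return derive_key_fixed(NULL, 0, key, sizeof key);
}

/* 1 if the buggy wrapper left the sentinel (stale contents) in the buffer. */
int buggy_leaves_stale_key(void)
{
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);
    (void)derive_key_buggy(NULL, 0, key, sizeof key);
    return key[0] == 0xAA && key[15] == 0xAA;
}

/* 1 if the fixed wrapper zeroed the buffer on failure. */
int fixed_clears_key(void)
{
    uint8_t key[16];
    memset(key, 0xAA, sizeof key);
    (void)derive_key_fixed(NULL, 0, key, sizeof key);
    return key[0] == 0 && key[15] == 0;
}

/* Success path: derive 4 bytes from the constructed secret "abc";
 * returns the first derived byte ('a' ^ 0 = 0x61) or -1 on error. */
int success_first_byte(void)
{
    const uint8_t secret[] = { 'a', 'b', 'c' };
    uint8_t key[4];
    if (derive_key_fixed(secret, sizeof secret, key, sizeof key) != SSH_OK)
        return -1;
    return key[0];
}

int main(void)
{
    printf("buggy wrapper on failed KDF: rc=%d (SSH_OK=%d), stale key=%d\n",
           failure_rc_buggy(), SSH_OK, buggy_leaves_stale_key());
    printf("fixed wrapper on failed KDF: rc=%d (SSH_ERROR=%d), key zeroed=%d\n",
           failure_rc_fixed(), SSH_ERROR, fixed_clears_key());
    return 0;
}
```

The point to take from the probes is that the buggy path reports SSH_OK and leaves the caller holding a buffer of whatever was there before, which is exactly the condition the description calls an uninitialized key buffer. When wrapping a library that uses a different status convention, compare against that library's documented success value (here, exactly 1) rather than against your own, and clear output buffers on any failure path.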
Affected products
- Red Hat / Red Hat Enterprise Linux 8 (v5, cpe:/a:redhat:enterprise_linux:8::appstream), Range: 0:0.9.6-16.el8_10
- Red Hat / Red Hat OpenShift Container Platform 4 (v5, cpe:/a:redhat:openshift:4)
- Red Hat / Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions (v5, cpe:/a:redhat:rhel_e4s:9.0::appstream), Range: 0:0.9.6-3.el9_0.2
- Red Hat / Red Hat Enterprise Linux 10 (v5, cpe:/o:redhat:enterprise_linux:10)
- Red Hat / Red Hat Enterprise Linux 6 (v5, cpe:/o:redhat:enterprise_linux:6)
- Red Hat / Red Hat Enterprise Linux 7 (v5, cpe:/o:redhat:enterprise_linux:7)
- Red Hat / Red Hat Enterprise Linux 9 (v5, cpe:/o:redhat:enterprise_linux:9)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- access.redhat.com/errata/RHSA-2025:21977 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2025:23024 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2025-5372 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
News mentions
No linked articles in our index yet.