CVE-2025-5318
BaseFortify
Publication date: 2025-06-24
Last updated on: 2026-02-27
Assigner: Red Hat, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| libssh | libssh | From 0.10.0 (inc) to 0.11.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds read flaw in the libssh library's sftp_handle() function. Due to an incorrect boundary check, the function can access memory beyond the valid handle list and return an invalid pointer. This pointer is then used in further processing, which can lead to reading unintended memory regions. Exploitation requires an attacker to be authenticated on the server. [1]
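A simplified illustration of the flaw class described above, added here and not taken from libssh: a handle-table lookup where an off-by-one bounds check admits the index one past the last slot, shown beside the corrected check. The names (`session`, `MAX_HANDLES`, `lookup_handle`), the 4-byte big-endian handle encoding and the off-by-one form of the check are assumptions; the page does not give the exact code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_HANDLES 8                 /* hypothetical table size */

struct session {
    void *handles[MAX_HANDLES];       /* valid slots: 0 .. MAX_HANDLES-1 */
};

/* Off-by-one form: rejects idx > MAX_HANDLES but lets idx == MAX_HANDLES through. */
static bool weak_check(uint32_t idx)   { return !(idx > MAX_HANDLES); }

/* Correct form: every accepted idx is a real slot in the table. */
static bool strict_check(uint32_t idx) { return idx < MAX_HANDLES; }

/* Decode a client-supplied handle (assumed 4 bytes, big-endian) into an index. */
static bool decode_handle(const uint8_t *buf, size_t len, uint32_t *idx)
{
    if (buf == NULL || len != sizeof(uint32_t))
        return false;                 /* wrong-sized handle: reject */
    *idx = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    return true;
}

/* Hardened lookup: returns NULL for anything that is not a slot in the table. */
static void *lookup_handle(const struct session *s, const uint8_t *buf, size_t len)
{
    uint32_t idx;
    if (s == NULL || !decode_handle(buf, len, &idx) || !strict_check(idx))
        return NULL;
    return s->handles[idx];           /* may still be NULL if the slot is unused */
}

int main(void)
{
    static int file_obj;              /* constructed stand-in for an open file */
    struct session s = { .handles = { [3] = &file_obj } };
    const uint8_t ok[4]   = { 0, 0, 0, 3 };            /* constructed inputs */
    const uint8_t edge[4] = { 0, 0, 0, MAX_HANDLES };  /* one past the last slot */

    printf("slot 3 -> %s\n", lookup_handle(&s, ok, 4) ? "found" : "rejected");
    printf("slot %d -> %s\n", MAX_HANDLES, lookup_handle(&s, edge, 4) ? "found" : "rejected");
    printf("weak check accepts %d: %d\n", MAX_HANDLES, weak_check(MAX_HANDLES));
    return 0;
}
```

The weak check is never used to index the table here; it is only evaluated to show that it accepts the boundary value the strict check rejects.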
How can this vulnerability impact me?
If exploited by an authenticated remote attacker, this vulnerability can allow reading of unintended memory regions, potentially exposing sensitive information or affecting the behavior of the service running the vulnerable libssh version. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves ensuring that the libssh library on your systems is updated to a version that fixes this out-of-bounds read vulnerability in the sftp_handle() function. Since exploitation requires authenticated access, restricting access to the SFTP service and monitoring for unusual authenticated activity can help reduce risk until patches are applied. [1]