CVE-2025-8114
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-11-17
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libssh | libssh | From 0.10.0 (inc) to 0.11.2 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8114 is a vulnerability in the libssh library where a failure to allocate memory properly during the session ID calculation in the key exchange process can cause a NULL pointer dereference. This means that if the system fails to allocate memory during cryptographic operations, it may try to use a NULL pointer, leading to a crash of the SSH client or server. [1]
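The failure mode described above, as an added example that is not libssh's code: a toy session-ID computation whose output buffer comes from an allocator that can be made to fail, shown in the unchecked form that dereferences NULL and in the hardened form that reports the error to its caller. The names kex_alloc, toy_digest, session_id_unchecked, session_id_checked and run_checked are hypothetical, and the digest is a stand-in for the real exchange hash, not SHA-256.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocator hook so a caller can simulate out-of-memory (hypothetical, not libssh's). */
static int g_fail_alloc = 0;
static void *kex_alloc(size_t n) { return g_fail_alloc ? NULL : calloc(1, n); }

/* Stand-in for the exchange hash: XOR-folds the kex data into 32 bytes (not a real digest). */
static void toy_digest(const uint8_t *in, size_t len, uint8_t out[32]) {
    memset(out, 0, 32);
    for (size_t i = 0; i < len; i++) out[i % 32] ^= in[i];
}

/* Unchecked form: if kex_alloc returns NULL, memcpy writes through the NULL pointer. */
uint8_t *session_id_unchecked(const uint8_t *kex, size_t len) {
    uint8_t digest[32];
    uint8_t *sid = kex_alloc(32);
    toy_digest(kex, len, digest);
    memcpy(sid, digest, 32);            /* crashes when the allocation failed */
    return sid;
}

/* Hardened form: allocation failure becomes an error return; nothing is dereferenced. */
int session_id_checked(const uint8_t *kex, size_t len, uint8_t **out) {
    uint8_t digest[32];
    uint8_t *sid = kex_alloc(32);
    *out = NULL;
    if (sid == NULL) return -1;         /* propagate the failure to the key-exchange caller */
    toy_digest(kex, len, digest);
    memcpy(sid, digest, 32);
    *out = sid;
    return 0;
}

/* Drives the hardened form with or without simulated OOM and returns its status code. */
int run_checked(int simulate_oom) {
    static const uint8_t kex[] = "constructed kex payload";   /* constructed sample input */
    uint8_t *sid = NULL;
    g_fail_alloc = simulate_oom;
    int rc = session_id_checked(kex, sizeof kex, &sid);
    g_fail_alloc = 0;
    free(sid);                          /* free(NULL) is a no-op */
    return rc;
}

int main(void) { printf("normal: %d, simulated OOM: %d\n", run_checked(0), run_checked(1)); return 0; }
```

Running the unchecked form with the allocator forced to fail is what produces the crash the advisory describes; the checked form returns -1 in the same situation and the connection can be torn down cleanly.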
How can this vulnerability impact me?
This vulnerability can cause the SSH client or server to crash, resulting in a denial of service. An attacker with limited local privileges can exploit this flaw without user interaction, disrupting secure communication services that rely on libssh, potentially affecting system availability. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update libssh to a version later than 0.11.2, where the issue is fixed. Additionally, restrict local user privileges to limit the exploitation potential, and monitor for crashes in SSH clients or servers that use libssh, as these may indicate attempts to trigger the NULL pointer dereference. [1]